News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  General Questions
linktree Topic: Diagnostics: Logs contains entries even though they should be filtered out
Pages: [1]
Topic: Diagnostics: Logs contains entries even though they should be filtered out  (Read 2562 times)
« on: March 02, 2011, 22:21:05 »
Tgellan *
Posts: 10
Hello,

I do use m0n0wall with a LAN and a WLAN interface. The WLAN interface is bridged to the LAN interface. Things work rather fine, but I do have some weird problems...

One rule I do have on both LAN and WLAN interfaces is the following:
Block
no log
protocoll: IGMP
source: * 
destination: * 
port: *

As far as my understanding goes, that rule means that it should restrict any IGMP package from leaving my network by silently dropping them at firewall level. Additionnally it should not report this in the logs...
Well my logs are just filled up with lots and lots of entries related to IGMP packages blocked...

This is from my log:
Blocked: 21:56:59.691573 bridge0 192.168.200.50 224.0.0.251 IGMP

Here's the related line in status.php:
Mar  2 21:56:59 m0n0wall ipmon[154]: 21:56:59.691573 bridge0 @0:3 b 192.168.200.50 -> 224.0.0.251 PR igmp len 24 (32) IN low-ttl multicast

ipfstat -nio at Block 0:
@3 pass out quick on vr1 proto udp from 192.168.150.20/32 port = bootps to any port = bootpc
@3 block in log quick from any to any with ipopts

Thanks for your help on getting rid of these unwanted log entries
TGellan
« Reply #1 on: March 15, 2011, 22:05:17 »
brushedmoss ****
Posts: 446
looks like the packet is being blocked and logged by the built in ruleset before your rule...
« Reply #2 on: March 17, 2011, 17:37:05 »
Tgellan *
Posts: 10
Hi,

That´s how I do understand it too, but what I do not understand, is that this problem seems to only affect me...? This is a problem that does occur so often, that I can´t use the log, it is simply filled up with these reports :-(

Is there anything I could do, in order to get rid of these entries?

Thanks
« Reply #3 on: May 11, 2011, 08:39:50 »
saily *
Posts: 5
Same problem here. m0n0wall 1.33 on alix.
The only way which fix my problem was flashing back to 1.3b16 (before they switched to if_bridge).

If i bridge one interface to another i'm able to add a new interface in "Interfaces (assign)" called bridge0.
I tried that and assigned some rules on it, but that did not work either.

I'm running out of ideas, any hints?
« Reply #4 on: May 11, 2011, 09:31:30 »
brushedmoss ****
Posts: 446
There is an option under advanced to disable spoof checking on the bridge, this will disable the rules that are probably causing these logs.   This obviously will allow more traffic throguh you firewall on bridged interfaces thouigh
« Reply #5 on: May 18, 2011, 08:54:25 »
saily *
Posts: 5
hi brushedmoss,

so then we should file a ticket, because this option does not work for me. can anybode check this twice?
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines