My firewall logs are being flooded with logs of packets being blocked that I don't want to be blocked:
http://i.stack.imgur.com/PBeqN.png
Every 3 seconds there are 2 packets being broadcast from my machine:
- Interface: LAN
- Source IP: fe80::742c:6fb9:aac3:8dc8 (my desktop pc)
- Source Port: 56904 (randomly assigned outgoing port)
- Destination IP: ff02::c (IPv6 link local multicast address)
- Destination Port: 1900 (Simple Service Discovery Protocol)
- Protocol: UDP
These are IPv6 packets on the LAN interface that are being blocked. Except I allow all traffic on the LAN interface:
http://i.stack.imgur.com/5LSSe.png
And just for good measure I allow all IPv4 traffic on my LAN interface:
http://i.stack.imgur.com/iGkxn.png
Why are SSDP multicast packets on my LAN being blocked, and how do I stop blocking them?
Note: The reason I am seeing them in the log is because I've asked m0n0wall to log packets blocked by the default rule:
http://i.stack.imgur.com/2iGRU.png
I did this to confirm that no packets should be blocked, because no packets should be blocked.
Looking at the logs in "raw" mode:
07:31:47.282546 rl0 @0:16 b fe80::742c:6fb9:aac3:8dc8,56904 -> ff02::c,1900 PR udp len 40 194 IN low-ttl multicast
Reveals nothing interesting:
- Time: 07:31:47.28546
- Interface: rl0 (LAN)
- Group/Rule: @0:16
- Action: b (Block)
- From address: fe80::742c:6fb9:aac3:8dc8 (my desktop pc)
- From port: 56904
- To address: ff02::c (IPv6 link local multicast address)
- To port: 1900 (SSDP)
- Protocol: PR udp (UDP)
- Packet length: len 40 (40 bytes)
- Other: 194 IN low-ttl multicast
With m0n0wall's status.php page showing for ipfstat -nio:
ipfstat -nio
...
@16 block in log quick on rl0 all head 100
...
# Group 100
@1 pass in quick from 192.168.0.0/16 to 192.168.1.1/32 keep state group 100
@2 pass in quick from any to any keep state group 100
...
Cross-posted from superuser.com
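For triaging a log flooded like this, the following added example (not part of the original post) parses raw lines in the layout quoted above and counts blocked packets per rule, address family and destination. The sample lines other than the first are constructed, and the two numbers after `len` are read here as header length and total length, which is how ipmon prints them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: line 1 is the raw line quoted in the post, the rest
# are made-up lines in the same layout.
SAMPLE = """\
07:31:47.282546 rl0 @0:16 b fe80::742c:6fb9:aac3:8dc8,56904 -> ff02::c,1900 PR udp len 40 194 IN low-ttl multicast
07:31:50.283101 rl0 @0:16 b fe80::742c:6fb9:aac3:8dc8,56904 -> ff02::c,1900 PR udp len 40 194 IN low-ttl multicast
07:31:52.101337 rl0 @0:16 b fe80::1c2d:3e4f:5a6b:7c8d,49152 -> ff02::c,3702 PR udp len 40 696 IN low-ttl multicast
07:31:53.000412 rl0 @100:2 p 192.168.1.20,51515 -> 192.168.1.1,53 PR udp len 20 61 IN
"""

# time iface @group:rule action src,port -> dst,port PR proto len <hdr> <total> flags
LINE = re.compile(
    r"^(?P<time>\S+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S+)\s+(?P<src>\S+?),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+?),(?P<dport>\d+)\s+PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s*(?P<flags>.*)$"
)

def parse(line):
    """Return the fields of one raw log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        dst = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    rec["family"] = f"IPv{dst.version}"   # tells IPv4 and IPv6 hits apart
    rec["multicast"] = dst.is_multicast
    return rec

def summarize_blocks(text):
    """Count blocked packets per (rule, interface, family, dst, port, proto)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "b":   # 'b' = block, as in the post
            counts[(f"@{rec['group']}:{rec['rule']}", rec["iface"], rec["family"],
                    rec["dst"], int(rec["dport"]), rec["proto"])] += 1
    return counts.most_common()

if __name__ == "__main__":
    for key, n in summarize_blocks(SAMPLE):
        print(n, *key)
```

Grouping by address family alongside the `@group:rule` number makes it easy to compare which rule is hitting the traffic against the rules listed by `ipfstat -nio`.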