Author Topic: Silencing Multicast Traffic in the Log (Read 141 times)

chw0 · « **on:** October 21, 2024, 04:36:57 pm »

Hi, a entry with proto "pgm" and a static ip address appears every second in the firewall log (see attachment). I can't manage to create a rule that filters this entry. The "src"-IP already has full access.

Can anyone please point me in the right direction? Help

edit: OPNsense 23.7.9-amd64

Patrick M. Hausen · « **Reply #1 on:** October 21, 2024, 05:02:50 pm »

That's an experimental protocol, no idea why this particular device would use it:

https://en.wikipedia.org/wiki/Pragmatic_General_Multicast

But why don't you disable logging for that rule?

chw0 · « **Reply #2 on:** October 21, 2024, 07:05:36 pm »

Hi Patrick, that's the strange thing. The specified rule (Rule No 189) has nothing to do with multicast and logging is not activated for her either. If i disable this rule, the log entry still appears - but this time with a different rule number.

Patrick M. Hausen · « **Reply #3 on:** October 21, 2024, 07:13:58 pm »

I mean that is a standard "allow all" rule, so of course it also catches multicast destinations. Why do you log hits for your allow rules?

chw0 · « **Reply #4 on:** October 21, 2024, 07:34:38 pm »

I do not have a activated rule, where logging is enabled. That's why I'm at such a loss

Btw., "Log packets matched from the default pass rules put in the ruleset" in "Settings - Logging" is not enabled

Author Topic: Silencing Multicast Traffic in the Log (Read 141 times)

chw0

Silencing Multicast Traffic in the Log

Patrick M. Hausen

Re: Silencing Multicast Traffic in the Log

chw0

Re: Silencing Multicast Traffic in the Log

Patrick M. Hausen

Re: Silencing Multicast Traffic in the Log

chw0

Re: Silencing Multicast Traffic in the Log