Date:      Thu, 4 Sep 2003 11:47:53 -0700
From:      Bill Fumerola <billf@FreeBSD.org>
To:        Sten Daniel Sørsdal <sten.daniel.sorsdal@wan.no>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: verrevpath - denies local multicast. Is this intended?
Message-ID:  <20030904184753.GB57940@elvis.mu.org>
In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F07DF28@exchange.wanglobal.net>
References:  <0AF1BBDF1218F14E9B4CCE414744E70F07DF28@exchange.wanglobal.net>

On Fri, Aug 29, 2003 at 02:45:55PM +0200, Sten Daniel Sørsdal wrote:
> 
> when using verrevpath it seems to drop local multicast packets such as RIP2.
> i use it as suggested; deny log ip from any to any not verrevpath
> 
> logentry:
> Aug 29 14:32:08 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
> 
>  does this mean it should deny multicast and broadcasts or that it really should 
>  verify that the multicast path is correct? 

i won't speak to what it should do, but...

just add a specific rule before '1011' that allows rip2 traffic to that
multicast addr. use 224.0.0.0/4 if you don't want to deal with it again.


-- 
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org
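
The workaround suggested in the reply, written out as an added example that is not part of the original message. It prints the `ipfw` command instead of running it unless `IPFW=ipfw` is set; rule number 1010 and the `in via fxp1` restriction are assumptions taken from the log entry (any free number below 1011 works).

```shell
#!/bin/sh
# Added example (not from the original thread).
# Dry run by default: prints the ipfw command. Set IPFW=ipfw on the
# FreeBSD host (as root) to actually install the rule.
IPFW="${IPFW:-echo ipfw}"

DENY_RULE=1011    # the "deny log ip from any to any not verrevpath" rule in the log
ALLOW_RULE=1010   # assumed free slot; must sort before DENY_RULE
IFACE=fxp1        # receiving interface from the log entry

# emit_rules MODE
#   narrow: exempt only RIP2 (UDP port 520 to 224.0.0.9) arriving on $IFACE
#   broad:  exempt every multicast destination (224.0.0.0/4) arriving on $IFACE
emit_rules() {
    # ipfw stops at the first matching allow/deny rule, so the exception
    # only helps if it is numbered lower than the verrevpath deny rule.
    if [ "$ALLOW_RULE" -ge "$DENY_RULE" ]; then
        echo "allow rule $ALLOW_RULE must come before deny rule $DENY_RULE" >&2
        return 1
    fi
    case "$1" in
        narrow)
            $IPFW add "$ALLOW_RULE" allow udp from any to 224.0.0.9 520 in via "$IFACE"
            ;;
        broad)
            $IPFW add "$ALLOW_RULE" allow ip from any to 224.0.0.0/4 in via "$IFACE"
            ;;
        *)
            echo "usage: emit_rules narrow|broad" >&2
            return 2
            ;;
    esac
}

# Print the narrow variant when run without arguments.
emit_rules "${1:-narrow}"
```

Packets that match the allow rule never reach the verrevpath check in rule 1011, so the narrow form keeps that exemption limited to RIP2 on one interface, while the /4 form exempts all multicast destinations on it.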
