Date: Sun, 6 Oct 2019 12:15:21 -0700 (PDT) From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> To: starikarp@dismail.de Cc: ipfw@freebsd.org Subject: Re: igmp query v3 Message-ID: <201910061915.x96JFLAJ068660@gndrsh.dnsmgr.net> In-Reply-To: <20191006145853.1459f62e@dismail.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi!
>
> My system is FreeBSD 12.0-RELEASE-p10 (amd64) and I start learning ipfw
> firewall.
> I have a line:
> cmd 01090 deny log all from any to 224.0.0.0/4 in via $pif
^^^ all translates to ipv4 or ipv6
>From /etc/protocols ip is protocol 0, ipv6 is protocol 41
igmp is protocol 2
Your rule needs to be
cmd 01090 deny log igmp from any to 224.0.0.0/4 in via $pif
> but I never seen anything about blocking igmp.
> Mine pf firewall settings block all the time and I get:
>
> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
> 2019-10-05 06:47:08.677668 rule 12/0(match): block in on bge0:
> 192.168.1.1 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
>
> Why ipfw doesn't block anything, please? What I doing wrong?
>
> Thank you.
>
>
> --
> ?Hungry man, reach for the book: it is a weapon.?
>
> ? Bertolt Brecht
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>
>
--
Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201910061915.x96JFLAJ068660>