Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] logs shows 224.0.0.1 being dropped ALOT.

    Scheduled Pinned Locked Moved Firewalling
    8 Posts 4 Posters 9.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      whitekalu
      last edited by whitekalu

      Hello everybody.
      snapshot of Multicast address being dropped.
      My firewall log rules dirty filled up with 224.0.0.1 How can I avoid it.
      If I Click on block action detail it says--> @9(1000000103) block drop in log inet all label "Default deny rule IPv4"
      Thanks
      Firewall-Rules.JPG

      1 Reply Last reply Reply Quote 0
      • A
        akuma1x
        last edited by

        I'm kinda guessing here, maybe one of the networking pros can chime in, but it looks to me like you're double NAT'ed behind your ISP modem, since that source IP address in an RFC1918 private network address. That just might be your modem blasting out all that IGMP traffic and your pfsense is dropping it with the default deny rule.

        How is your network setup - ISP, type of service, modem is handing out addresses in what scope (dhcp or static), bridging your modem directly into your pfsense, etc?

        Jeff

        1 Reply Last reply Reply Quote 0
        • W
          whitekalu
          last edited by

          Thankyou akuma1x.
          yes seems like my Mikrotik router is trying to do something
          attached is my network diagram
          Thanksnetwork-diagram.jpg

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            If that is traffic you do not want, then setup a rule to block it without logging.

            If that is traffic you do want, then setup a rule to pass it, and since it's IGMP, tick the box in advanced options to allow packets with IP options to pass.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            W 1 Reply Last reply Reply Quote 0
            • W
              whitekalu @jimp
              last edited by

              @jimp said in logs shows 224.0.0.1 being dropped ALOT.:

              If that is traffic you do not want, then setup a rule to block it without logging.

              If that is traffic you do want, then setup a rule to pass it, and since it's IGMP, tick the box in advanced options to allow packets with IP options to pass.

              Thankyou jimp,
              I got it now I can configure the firewall accordingly as per your instructions
              but I still have one question, I don't know this is a proper place to ask.
              If I block the 224.0.0.1 Traffic what will be the downside ? Will I miss any thing from other devices on network like not being able to communicate with them I hope one of the senior member will enlighten me.
              Thanks

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                It is multicast. Unless you have something on pfSense that needs to see it, like igmpproxy, then it's harmless to block. It can't route outside of the subnet, so it's of no use to a firewall in most cases.

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 1
                • W
                  whitekalu
                  last edited by

                  Thanks jimpp,
                  Now Everything is clear with 224.0.0.1.
                  The firewall is now noiseless as it's dropping without logging.

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    sonicnguyen @whitekalu
                    last edited by

                    @whitekalu how can you do it? I mean clear 224.0.0.1. Can you show me?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.