Netgate Discussion Forum

    Blocked IGMP packets flooding my logs -- IGMP snooping???

    Firewalling
      mer @spookymonkey

      @spookymonkey It's been a while, but I started with default deny on all interfaces, skip lo0, then started adding allow rules. Surprisingly few are actually needed, less than a dozen. Windows Update does some weird stuff to broadcast and port 0, but for normal operations the allowed list is pretty short.
      You wind up seeing some "co-opting" of protocols (something that is normally TCP only, Google decided to use as UDP for something), so you need to adjust things.

      Packet capture/analysis: google up Wireshark. Lots of good information. You can wind up banging your head, so pick one thing and trace it (NTP is a good one to start with I think). It's not just about the packets, it's about the contents of the packets and the protocols (TCP vs UDP) so get used to looking at specific bits in packets.
      Can make your head hurt at times, but what you see on the wire is what you are working with.

      pfSense and pretty much every other commercial solution has a "default deny in WAN, allow all out WAN". It's the best way to get things to work, but I think you need to keep an eye on the LAN side to make sure you don't leak things (my opinion; figure out what is best for you).

      Most important: have fun.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.