Block in on 224.0.0.1 igmp query v2 gaddr 235.1.1.1



  • Hello,

    I've been using pfSense for months now and it's one of the best things I've seen in my life.

    While I was checking the filter logs I found the following messages; they keep going forever. I've searched but didn't get a chance to find out what these are or how to stop them. Could you please help me with this issue?

    
    00:00:03.737036 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:07.893703 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
    00:00:01.126395 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001383 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999496 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001982 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.998822 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.000671 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:09.000401 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001050 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999656 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001789 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999134 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.000338 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:06.151840 rule 21/0(match): block in on rl0: 192.168.2.1 > 224.0.0.1: igmp query v2
    00:00:02.848594 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001111 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999879 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001507 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999348 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.000160 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:09.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.002741 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.998080 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001408 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:08.999457 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001945 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:00.286014 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2
    00:00:00.496478 rule 51/8(ip-option): pass in on rl1: 192.168.1.113 > 224.0.0.252: igmp v2 report 224.0.0.252
    00:00:08.216570 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.002430 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:03.358270 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
    00:00:05.639985 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    00:00:01.001214 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    
    


  • Hi,

    these are multicast packets. What interface is rl1 on your firewall?

    • Andreas


  • It's the LAN interface.



  • Damascene,

    in that case you should be able to run a packet capture on that interface and find the MAC address of the device which is sending these multicast packets.

    • Andreas
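
The capture step suggested above, as an added example that is not part of the original thread: a Python helper that tallies which source MAC is sending the IGMP queries, given the text output of `tcpdump -e -n -i rl1 igmp`. The sample capture and its MAC addresses are constructed, and the line layout assumed is tcpdump's usual link-level (`-e`) format.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -e -n -i rl1 igmp` output; MAC addresses are made up.
SAMPLE_CAPTURE = """\
12:00:01.000000 00:11:22:33:44:55 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
12:00:02.000700 00:11:22:33:44:55 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
12:00:02.500000 00:aa:bb:cc:dd:ee > 01:00:5e:00:00:fc, ethertype IPv4 (0x0800), length 60: 192.168.1.113 > 224.0.0.252: igmp v2 report 224.0.0.252
12:00:03.000000 00:11:22:33:44:55 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v2
12:00:11.000300 00:11:22:33:44:55 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(
    rf"^\S+\s+(?P<src_mac>{MAC}) > (?P<dst_mac>{MAC}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src_ip>[\d.]+) > (?P<dst_ip>[\d.]+): igmp query (?P<rest>.*)$",
    re.IGNORECASE,
)
GADDR_RE = re.compile(r"\[gaddr ([\d.]+)\]")


def igmp_query_senders(capture_text):
    """Count IGMP queries per (source MAC, source IP, queried group)."""
    senders = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # membership reports, non-IGMP or truncated lines
        g = GADDR_RE.search(m.group("rest"))
        group = g.group(1) if g else "general"  # no gaddr = general query
        senders[(m.group("src_mac").lower(), m.group("src_ip"), group)] += 1
    return senders


def top_sender(capture_text):
    """Return ((mac, src_ip, group), count) for the busiest querier, or None."""
    senders = igmp_query_senders(capture_text)
    return senders.most_common(1)[0] if senders else None


if __name__ == "__main__":
    for (mac, ip, group), n in igmp_query_senders(SAMPLE_CAPTURE).most_common():
        print(f"{n:3d}  {mac}  src={ip}  group={group}")
```

The MAC that dominates the tally can then be looked up in the switch's MAC address table or the DHCP leases to locate the device.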
