4. Block in on 224.0.0.1 igmp query v2 gaddr 235.1.1.1

Block in on 224.0.0.1 igmp query v2 gaddr 235.1.1.1

  • D

    Hello,

    I've been using pfSense for months now and it's one of the best things I've seen in my life.

    While I was checking the filter logs I've found the following messages, it keep going for ever. I've searched but didn't get a chance to know what are these or how to stop them. Could you please help me on this issue?

    
00:00:03.737036 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:07.893703 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
00:00:01.126395 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001383 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999496 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001982 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.998822 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.000671 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:09.000401 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001050 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999656 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001789 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999134 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.000338 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:06.151840 rule 21/0(match): block in on rl0: 192.168.2.1 > 224.0.0.1: igmp query v2
00:00:02.848594 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001111 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999879 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001507 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999348 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.000160 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:09.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.002741 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.998080 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001408 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:08.999457 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001945 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:00.286014 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2
00:00:00.496478 rule 51/8(ip-option): pass in on rl1: 192.168.1.113 > 224.0.0.252: igmp v2 report 224.0.0.252
00:00:08.216570 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.002430 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:03.358270 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
00:00:05.639985 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
00:00:01.001214 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
    0
  • I

    Hi,

    these are multicast packets. What interface is rl1 on your firewall?

    • Andreas
    0
  • D

    It's LAN interface.

    0
  • I

    Damascene,

    in that case you should be able to run a packet capture on that interface and find the MAC address of the device which is sending these multicast packets.

    • Andreas
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy