0.0.0.0 IGMP spam in WAN log & LAN traffic being blocked
-
Ok, thanks for your 2.2.3 note, but the thread was hijacked ;)
My comment there was re: the original issue, multicast firewall log spam.
-
The problem is still present on my pfsense setup in VM with 2.2.3 installed.
Unchecked both log bogon networks block rule and private networks block rule.
Also created a custom rule to block igmp on lan interface.
No joy.EDIT: I fixed it by patching /etc/inc/filter_log.inc
In function conv_log_filter added the following lines in the foreach ($logarr as $logent) loop:if (strpos($logent,"igmp") !== false)
continue;Crude, but does the job.
-
Thank you Bronko, Solved the problem for me too !
After pulling my hair out wondering why my firewall logs where filled with 0.0.0.0 to 255.255.255.255 port 4944 I stumbled on this post.
I am on pfsense 2.3.4-RELEASE with pfblockerng installed, its been working pretty good for me but a few days ago I changed over from ADSL to VDSL and swapped the modem to a vigor 130, unticking the 'Broadcast DSL status to LAN' in the vigor settings fixed it.
This broadcast to LAN is I believe used to keep a connection in a vigor router alive so the modem logs can be accessed inside the router.
I access my modem by using the https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall guide, its worked with every modem i have used but the vigor 130 is the first one thats filled the logs ! I still have the occasional IGMP showing up:
MODEMACCESS 192.168.x.x 224.0.0.1 IGMP
Not a problem yet as seems to be only when i have the modem Admin page open.
–