    Only allow multicast to certain hosts

    • J
      jonnytabpni last edited by

      Hey All,

      I haven't implemented this solution yet, but I intend to use pfSense with my ISP's IPTV service. This uses multicast+IGMP.

      I have read numerous other posts and I think I'll be able to get it working.

      However, the other posts all say that I have to create a firewall rule on the WAN side that allows all traffic with a destination of 224.0.0.0/4, 184.60.0.0/4, and 184.61.0.0/4 (all multicast ranges).

      Is there any way in pfSense to have that rule, but limit the traffic to a particular host? I'm not really comfortable allowing multicast traffic to all hosts within my network. However, I'm willing to be proven wrong if there is no security risk in doing this…

      Another thing is that I need all my hosts (including the IPTV box) to be on the same subnet (as my IPTV box has some Chromecast-like features that need to be on the same subnet as my laptops).

      Help is appreciated

      Thanks

      • J
        jonnytabpni last edited by

        OK, so after a bit of googling, I may be able to get round my fears, as in my case (I use BT here in the UK) the IPTV multicast traffic is delivered straight to the physical port, rather than encapsulated inside the regular PPPoE stream for surfing:

        https://forum.pfsense.org/index.php?topic=74126.0

        So I guess my normal hosts are secure, as the allow-all rules would be on the physical interface rather than the PPPoE WAN interface? (Unless an attacker of course managed to come in via the physical port, rather than inside the PPPoE, although this would be unlikely?)

        Thanks
