After setting up a firewall i noticed a lot of traffic being rejected
comming from 224.0.0.1. This is so called multicast traffic.
Nov 27 23:55:23 badaboom kernel: Packet log: input REJECT eth0 PROTO=2
xxx.xxx.xxx.xxx:65535 224.0.0.1:65535 L=28 S=0xC0 I=36214 F=0x0000 T=1
Nov 27 23:55:33 badaboom kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:1484 224.0.0.1:4242 L=57 S=0x00 I=2340 F=0x0000 T=1
Nov 27 23:56:09 badaboom kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:1483 224.0.0.1:4242 L=57 S=0x00 I=2498 F=0x0000 T=1
Nov 27 23:56:10 badaboom kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:1482 224.0.0.1:4242 L=57 S=0x00 I=2507 F=0x0000 T=1
Nov 27 23:56:12 badaboom kernel: Packet log: input REJECT eth0 PROTO=17
xxx.xxx.xxx.xxx:1481 224.0.0.1:4242 L=57 S=0x00 I=2525 F=0x0000 T=1
Nov 27 23:56:23 badaboom kernel: Packet log: input REJECT eth0 PROTO=2
xxx.xxx.xxx.xxx:65535 224.0.0.1:65535 L=28 S=0xC0 I=36241 F=0x0000 T=1
[jjans]$ nslookup 224.0.0.1
Name: ALL-SYSTEMS.MCAST.NET
Address: 224.0.0.1
Is it a good idea to block this traffic, or should it be allowed thru the
firewall?
Thanks,
Jasper
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
