Firewall log contains IGMP for rules that do not have logging on
- Status changed from New to Confirmed
- Target version set to 2.2.2
I suspect the root issue here is logging of passed traffic with IP options regardless of whether logging is enabled on the matching rule.
Target for 2.2.2 looks good. This does not effect actual firewall functions from a security point of view - packet passing and blocking happen as per the rules. It is just nuisance noise in the firewall log with some rule combinations and traffic.
- Target version changed from 2.2.2 to 2.2.3
I too have ran into this. Very irritating. :)
Just adding a "me too". I have default rule logging turned off, but still seeing lots of entries in firewall log of "Pass" traffic destined to 126.96.36.199 with Proto IGMP.
This needs a patching on pf(4) that forces logging on packets with ip options dropped if not allowed and does not check the rule settings.
Line 6332 on pf.c.
- Assignee set to Ermal Luçi
- Priority changed from Normal to High
this makes the firewall logs basically completely useless in some networks. Sounds like it shouldn't be too difficult to fix.
- Status changed from Confirmed to Feedback
built on Wed Jun 10 19:49:59 CDT 2015
No more flood of unasked-for IGMP messages in the firewall log. I also tried purposely passing and logging IGMP and that shows up correctly in the Firewall log with the correct associated rule number/description.
Fixed for me.
Hooray! I finally can see something useful in firewall logs on the previously affected site once again! Sanity restored. :-)
- Status changed from Feedback to Resolved
Also available in: Atom