Bug #4383
closedFirewall log contains IGMP for rules that do not have logging on
0%
Updated by Chris Buechler almost 10 years ago
- Status changed from New to Confirmed
- Target version set to 2.2.2
I suspect the root issue here is logging of passed traffic with IP options regardless of whether logging is enabled on the matching rule.
Updated by Phillip Davis almost 10 years ago
Target for 2.2.2 looks good. This does not effect actual firewall functions from a security point of view - packet passing and blocking happen as per the rules. It is just nuisance noise in the firewall log with some rule combinations and traffic.
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.2 to 2.2.3
Updated by Bill Crowder over 9 years ago
I too have ran into this. Very irritating. :)
Updated by Arion Lawrence over 9 years ago
Just adding a "me too". I have default rule logging turned off, but still seeing lots of entries in firewall log of "Pass" traffic destined to 224.0.0.22 with Proto IGMP.
Updated by Hollander Hollander over 9 years ago
Me too, as I also wrote here: https://forum.pfsense.org/index.php?topic=92387.msg511674#msg511674
Updated by Ermal Luçi over 9 years ago
This needs a patching on pf(4) that forces logging on packets with ip options dropped if not allowed and does not check the rule settings.
Line 6332 on pf.c.
Updated by Chris Buechler over 9 years ago
- Assignee set to Ermal Luçi
- Priority changed from Normal to High
this makes the firewall logs basically completely useless in some networks. Sounds like it shouldn't be too difficult to fix.
Updated by Phillip Davis over 9 years ago
2.2.3-DEVELOPMENT (i386)
built on Wed Jun 10 19:49:59 CDT 2015
FreeBSD 10.1-RELEASE-p11
No more flood of unasked-for IGMP messages in the firewall log. I also tried purposely passing and logging IGMP and that shows up correctly in the Firewall log with the correct associated rule number/description.
Fixed for me.
Updated by Kill Bill over 9 years ago
Hooray! I finally can see something useful in firewall logs on the previously affected site once again! Sanity restored. :-)