verrevpath - denies local multicast. Is this intended?
Bill Fumerola
billf at FreeBSD.org
Thu Sep 4 11:47:54 PDT 2003
On Fri, Aug 29, 2003 at 02:45:55PM +0200, Sten Daniel Sørsdal wrote:
>
> when using verrevpath it seems to drop local multicast packets such as RIP2.
> i use it as suggested; deny log ip from any to any not verrevpath
>
> logentry:
> Aug 29 14:32:08 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
>
> does this mean it should deny multicast and broadcasts or that it really should
> verify that the multicast path is correct?
i won't speak to what it should do, but...
just add a specific rule before '1011' that allows rip2 traffic to that
multicast addr. use 224.0.0.0/4 if you don't want to deal with it again.
--
- bill fumerola / fumerola at yahoo-inc.com / billf at FreeBSD.org
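
Added example, not part of the original thread: a small Python triage script that reads ipfw deny log lines in the format quoted above and separates multicast-destined denies from other hits on the verrevpath rule (1011 in the thread), so an allow rule placed before it can be scoped to the groups actually seen. Only the first sample line comes from the thread; the other two are constructed, and the function name `triage` is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# First line is the log entry quoted in the thread; the other two are
# constructed for illustration (documentation-range addresses).
SAMPLE_LOG = """\
Aug 29 14:32:08 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
Aug 29 14:32:38 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
Aug 29 14:33:02 <security.info> fictious /kernel: ipfw: 1011 Deny TCP 192.0.2.77:4312 198.51.100.10:22 in via fxp1
"""

# Matches "ipfw: <rule> Deny <proto> <src>[:port] <dst>[:port] in|out via <if>".
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def triage(log_text, rule="1011"):
    """Split denies logged by `rule` into multicast-destined and the rest."""
    multicast = Counter()   # (proto, dst, dport, iface) -> hit count
    other = []              # (src, dst, iface) still worth investigating
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["rule"] != rule:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue        # malformed address in the log line, skip it
        if dst.is_multicast:            # destination inside 224.0.0.0/4
            multicast[(m["proto"], m["dst"], m["dport"], m["iface"])] += 1
        else:
            other.append((m["src"], m["dst"], m["iface"]))
    return multicast, other

if __name__ == "__main__":
    mc, rest = triage(SAMPLE_LOG)
    for (proto, dst, dport, iface), n in mc.items():
        print(f"{n:4d}  {proto} -> {dst}:{dport} in via {iface}  (multicast)")
    for src, dst, iface in rest:
        print(f"      {src} -> {dst} via {iface}  (not multicast)")
```

Traffic matched by an allow rule placed ahead of rule 1011 never reaches the verrevpath check, so the per-group counts show how narrow that allow rule can be kept.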