CALL FOR FEEDBACK: IGMP and PF interoperability
    Bruce M Simpson 
    bms at incunabulum.net
       
    Wed Mar 26 04:06:27 PDT 2008
    
    
  
It has come to my attention that the default configuration of PF in 
FreeBSD will block legitimate outgoing IGMP messages.
PF is currently not the default firewall in FreeBSD. Anyone using 
multicast in any way, even for link-scope multicasts (224.x.x.x/24), 
will be affected by this issue if they use PF as their firewall.
This issue was described in this thread:
    http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002259.html
The documentation does state that allow-opts needs to be specified 
explicitly -- there is no fine grained control for the IPv4 options 
actually filtered, however, and currently the IP Router Alert option is 
handled in the main path in all BSD derived systems.
Please let me know if you have encountered this issue, so that we can 
get started on a workaround.
cheers
BMS
    
    
More information about the freebsd-net
mailing list