0

There are multiple devices under a different subnet on our LAN sending a flood of multicast packets. I've tried to allow this type of traffic, but it does not seem to work.

[Screenshots attached to the question: "LAN Rules" and "Firewall Log"]

Marc05

2 Answers

0

You likely don't have a need to allow that. Just add a block rule on LAN, any protocol, any source, destination network 239.192.0.0/16, and don't enable logging. It has to be at the top of the list, before any other matching rules. The rule you added there for that UDP won't ever match because the rule above it matches first and first match wins.

There is also a bug in 2.2.x versions pre-2.2.3 where all packets with IP options set are logged regardless of whether the matching rule has logging enabled. The 2.2.3 release is coming soon, or snapshots that fix this are available now at https://snapshots.pfsense.org. Until you're on 2.2.3, it'll log that multicast traffic regardless of config.

Chris Buechler
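The ordering point in the answer above (first match wins, so a block rule at the top shadows the UDP rule below it), shown as an added example in Python; this is not code from the thread or from pfSense, and the rule list and packet addresses are constructed to mirror the described setup.

```python
"""First-match-wins evaluation of a pfSense-style LAN rule list (added example).

pfSense rules are 'quick' by default: the first rule that matches a packet
decides its fate, and later rules are never consulted. The rules below are
constructed to mirror the answer: a silent block for 239.192.0.0/16 on top,
followed by a logging UDP pass rule that can therefore never match.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str          # "pass" or "block"
    proto: str           # "any", "udp", "tcp", "igmp", ...
    dst: str             # destination network in CIDR notation
    log: bool = False    # whether a match is written to the firewall log


def first_match(rules, proto, dst_ip):
    """Return (index, rule) of the first rule matching the packet, or None."""
    ip = ipaddress.ip_address(dst_ip)
    for i, rule in enumerate(rules):
        if rule.proto != "any" and rule.proto != proto:
            continue
        if ip not in ipaddress.ip_network(rule.dst):
            continue
        return i, rule
    return None


def decide(rules, proto, dst_ip):
    """Return (action, logged) for a packet.

    An unmatched packet falls through to the default deny, which we treat as
    logged here (an assumption, mirroring pfSense's default-block logging)."""
    match = first_match(rules, proto, dst_ip)
    if match is None:
        return "block", True
    return match[1].action, match[1].log


# Constructed rule list in the order the answer recommends.
LAN_RULES = [
    Rule("block", "any", "239.192.0.0/16", log=False),
    Rule("pass", "udp", "239.192.0.0/16", log=True),
]

if __name__ == "__main__":
    print(decide(LAN_RULES, "udp", "239.192.10.5"))             # ('block', False)
    print(decide(list(reversed(LAN_RULES)), "udp", "239.192.10.5"))  # ('pass', True)
```

Reversing the list shows why rule position matters: with the UDP pass rule on top, the same packet is passed and logged.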
0

It turned out to be a bug with pfSense. It's been resolved on version 2.2.3.

Here is the bug report: https://redmine.pfsense.org/issues/4772

If the L2TP subnet overlaps a subnet that contains a port forward target, and automatic outbound NAT for reflection is enabled, then an invalid ruleset can be generated.

Marc05