I am having problems configuring the uncomplicated firewall (ufw) to allow outgoing multicast traffic. I am blocking all incoming and outgoing connections as the default policy. I have supplemented this with the rules listed below. Yet I get these error messages, repeated twice, every time I boot the system:
Errors (repeated twice on boot-up):
[UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.2 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:feee:feee:feee DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
Main rules:
ufw allow out proto udp to 224.0.0.0/3
ufw allow out proto udp to ff00::/8
ufw allow in proto udp to 224.0.0.0/3
ufw allow in proto udp to ff00::/8
in /etc/ufw/user.rules:
-A ufw-before-input -p igmp -d 224.0.0.0/3 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/3 -j ACCEPT
and in /etc/ufw/user6.rules:
-A ufw6-before-input -p icmpv6 -d ff00::/8 -j ACCEPT
-A ufw6-before-output -p icmpv6 -d ff00::/8 -j ACCEPT
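As an added example (not code from the question or either answer), a small Python audit of the three log lines above: it parses the ufw LOG fields, checks whether DST is a multicast address, and shows why rules written with proto udp never match these packets, which are IGMP (IP protocol 2) and ICMPv6 rather than UDP. The sample lines are the ones quoted in the question, embedded inline; the protocol and type names come from the IANA assignments.

```python
import ipaddress

# Constructed sample: the three [UFW BLOCK] lines quoted in the question.
UFW_LOG = """\
[UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.2 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:feee:feee:feee DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
"""

# Names for the control packets in the log. The kernel prints IGMP as its
# protocol number (PROTO=2); ICMPv6 gets a TYPE field (IANA ICMPv6 types).
KNOWN = {
    ("2", None): "IGMP (224.0.0.22 is the IGMPv3 report group)",
    ("ICMPv6", "133"): "ICMPv6 router solicitation",
    ("ICMPv6", "143"): "MLDv2 multicast listener report",
}


def parse_ufw_line(line):
    """Split a ufw/iptables LOG line into a dict; flag tokens (e.g. DF) map to True."""
    fields = {}
    for tok in line.split("]", 1)[1].split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True
    return fields


def classify(line):
    f = parse_ufw_line(line)
    dst = ipaddress.ip_address(f["DST"])  # full-form IPv6 is accepted and compressed
    proto, itype = f.get("PROTO"), f.get("TYPE")
    return {
        "dst": str(dst),
        # Real multicast ranges are 224.0.0.0/4 and ff00::/8; the question's
        # 224.0.0.0/3 is broader than the IPv4 multicast block.
        "multicast": dst.is_multicast,
        "proto": proto,
        "what": KNOWN.get((proto, itype), "other"),
        # 'ufw allow ... proto udp' only matches PROTO=UDP, so IGMP and ICMPv6
        # packets fall through to the default policy and get logged.
        "covered_by_udp_rule": proto == "UDP",
    }


def audit(log):
    """Classify every [UFW BLOCK] line in the given log text."""
    return [classify(l) for l in log.splitlines() if "[UFW BLOCK]" in l]
```

Running audit(UFW_LOG) shows all three destinations are multicast and none of the packets is UDP, which is why the udp-only rules leave them blocked.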
I have seen similar messages in the log and the following worked for me:
Editing /etc/ufw/before.rules, I added:
and to /etc/ufw/before6.rules, I added:
Note, however, that the messages blocked were group membership queries from the local router; I have no actual program running that uses IP multicast at all.
The log entries were gone after making the above configuration changes.
SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54 DST=ff02:0000:0000:0000:0000:0000:0000:0016
I think these numbers must be within ff00::/8. I don't know if they are.
Or maybe you want to try the rules from "My UPnP player can not see MediaTomb, what is wrong?", though they are for a need that seems to be the inverse...