About a year ago there was a post showing the RFC 5771 packets in the pflog and the OP did not have any logging rules.
I have a logging rule for my blocks, and this is polluting the log. Where do they come from and how do I eliminate them? em0=WAN em1=LAN re0=MGMT NAT is enabled from LAN to WAN No. Time Source Destination Port Protocol Length Info 50 2014-10-24 21:01:53 0.0.0.0 224.0.0.1 IGMPv2 96 [pass re0/0] Membership Query, general Frame 50: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on interface 0 Interface id: 0 (-) Encapsulation type: OpenBSD PF Firewall logs (39) Arrival Time: Oct 24, 2014 21:01:53.220023000 Eastern Daylight Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1414198913.220023000 seconds [Time delta from previous captured frame: 120.692432000 seconds] [Time delta from previous displayed frame: 124.992990000 seconds] [Time since reference or first frame: 459.626189000 seconds] Frame Number: 50 Frame Length: 96 bytes (768 bits) Capture Length: 96 bytes (768 bits) [Frame is marked: True] [Frame is ignored: False] [Protocols in frame: pflog:ip:igmp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] PF Log IPv4 pass on re0 by rule 0 Header Length: 61 Address Family: IPv4 (2) Action: pass (0) Reason: ip-option (8) Interface: re0 Ruleset: Rule Number: 72 Sub Rule Number: -1 UID: -1 PID: -1601830656 Rule UID: 0 Rule PID: 1550778368 Direction: in (1) Padding: 000000 Internet Protocol Version 4, Src: 0.0.0.0 (0.0.0.0), Dst: 224.0.0.1 (224.0.0.1) Version: 4 Header Length: 24 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 32 Identification: 0x0000 (0) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 1 Protocol: IGMP (2) Header checksum: 0x0417 [validation disabled] [Good: False] [Bad: False] Source: 0.0.0.0 (0.0.0.0) Destination: 224.0.0.1 (224.0.0.1) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Options: (4 bytes), Router Alert Router Alert (4 bytes): Router shall examine packet (0) Type: 148 1... .... = Copy on fragmentation: Yes .00. .... = Class: Control (0) ...1 0100 = Number: Router Alert (20) Length: 4 Router Alert: Router shall examine packet (0) Internet Group Management Protocol [IGMP Version: 2] Type: Membership Query (0x11) Max Resp Time: 10.0 sec (0x64) Header checksum: 0xee9b [correct] Multicast Address: 0.0.0.0 (0.0.0.0) 0000 3d 02 00 08 72 65 30 00 00 00 00 00 00 00 00 00 =...re0......... 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 48 ff ff ff ff ff ff ff ff .......H........ 0030 a0 86 01 00 00 00 00 00 5c 6f 00 00 01 00 00 00 ........\o...... 0040 46 c0 00 20 00 00 40 00 01 02 04 17 00 00 00 00 F.. ..@......... 0050 e0 00 00 01 94 04 00 00 11 64 ee 9b 00 00 00 00 .........d...... No. Time Source Destination Port Protocol Length Info 51 2014-10-24 21:01:53 0.0.0.0 224.0.0.1 IGMPv2 96 [pass em1/0] Membership Query, general Frame 51: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on interface 0 Interface id: 0 (-) Encapsulation type: OpenBSD PF Firewall logs (39) Arrival Time: Oct 24, 2014 21:01:53.220090000 Eastern Daylight Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1414198913.220090000 seconds [Time delta from previous captured frame: 0.000067000 seconds] [Time delta from previous displayed frame: 0.000067000 seconds] [Time since reference or first frame: 459.626256000 seconds] Frame Number: 51 Frame Length: 96 bytes (768 bits) Capture Length: 96 bytes (768 bits) [Frame is marked: True] [Frame is ignored: False] [Protocols in frame: pflog:ip:igmp] [Coloring Rule Name: Routing] [Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp] PF Log IPv4 pass on em1 by rule 0 Header Length: 61 Address Family: IPv4 (2) Action: pass (0) Reason: ip-option (8) Interface: em1 Ruleset: Rule Number: 72 Sub Rule Number: -1 UID: -1 PID: -1601830656 Rule UID: 0 Rule PID: 1550778368 Direction: in (1) Padding: 000000 Internet Protocol Version 4, Src: 0.0.0.0 (0.0.0.0), Dst: 224.0.0.1 (224.0.0.1) Version: 4 Header Length: 24 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 32 Identification: 0x0000 (0) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 1 Protocol: IGMP (2) Header checksum: 0x0417 [validation disabled] [Good: False] [Bad: False] Source: 0.0.0.0 (0.0.0.0) Destination: 224.0.0.1 (224.0.0.1) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Options: (4 bytes), Router Alert Router Alert (4 bytes): Router shall examine packet (0) Type: 148 1... .... = Copy on fragmentation: Yes .00. .... = Class: Control (0) ...1 0100 = Number: Router Alert (20) Length: 4 Router Alert: Router shall examine packet (0) Internet Group Management Protocol [IGMP Version: 2] Type: Membership Query (0x11) Max Resp Time: 10.0 sec (0x64) Header checksum: 0xee9b [correct] Multicast Address: 0.0.0.0 (0.0.0.0) 0000 3d 02 00 08 65 6d 31 00 00 00 00 00 00 00 00 00 =...em1......... 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 48 ff ff ff ff ff ff ff ff .......H........ 0030 a0 86 01 00 00 00 00 00 5c 6f 00 00 01 00 00 00 ........\o...... 0040 46 c0 00 20 00 00 40 00 01 02 04 17 00 00 00 00 F.. ..@......... 0050 e0 00 00 01 94 04 00 00 11 64 ee 9b 00 00 00 00 .........d...... -Jason -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list