On 2016-01-21, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> Hi,
>
> I'm constantly seeing this on my pf router.
> rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query 
> [tos 0xc0] [ttl 1]
>
> Rule 61 is:
> @61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep 
> state (no-sync)
>
> tcpdump on $ext_if shows:
> $ext_gw > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] (id 59056, len 32, 
> optlen=4 IPOPT-148{4})
>
> I guess pf has a problem with ip-option 148 which is router alert (rfc2113)
> Is this normal? Why does it think it's bad?
>
> Ext gateway is cisco (no under my control) which apparently is sending 
> this option.
>
> G
>
>

See pf.conf(5) "allow-opts".

Reply via email to