HI All,
I am setting up a firewall with PF. The strategy used is quite common:
set block-policy return
set loginterface none
set skip on lo0
match in all scrub (random-id reassemble tcp)
block log
Then some rules are used to pass the authorized packets.
One of the rule is
pass from <TV_nets> to <multicast>
pass from <multicast> to <TV_nets>
where the table "multicast" contains all the multicast address and the table
"TV_nets" the
networks used for IT TV.
In the log regularly the following message is produced:
Jul 07 10:44:40.049159 rule 26/(match) pass in on vlan120: 192.168.88.1 >
224.0.0.1:
igmp query [tos 0xc0] [ttl 1]
where vlan120 is part of an OpenBSD bridge used in egress part of the firewall.
A lot of similar rules (many vlan are used) and some other
pass rules are defined but only this one (26) produces a message.
Is it possible to remove a such message? The message is not useful and it
clutters the log.
Thanks for your help,
