LinuxQuestions.org
Old 01-13-2020, 08:33 AM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 527

Rep: Reputation: Disabled
IGMP LAN network traffic - block or allow?


Hi, on Raspbian 10, in /var/log/syslog I have seen lines like:

Code:
raspberrypi kernel: [163349.859013] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2
I found the command "tcpdump -p -n -e host 224.0.0.1"

and it reports lines like:

Code:
14:52:01.423236 BBB > CCC, ethertype IPv4 (0x0800), length 60: 192.168.1.1 > 224.0.0.1: igmp query v2 [max resp time 1] [gaddr 234.21.81.1]
BBB may be the MAC address of my LAN/WAN router, since the command "arp -a" shows the same kind of address next to my router IP.

In the ufw manual I have found the following:

Quote:
ufw deny in on eth0 to 224.0.0.1 proto igmp
This will deny all igmp traffic to 224.0.0.1 on the eth0 interface.
but I do not know if I want to block it. I am surprised it is blocked, since iptables -L showed no rules with default policy ACCEPT, and after installing the ufw firewall I only rate-limited port 22, so I would think everything else is allowed :-/

What do you think about these IGMP requests and what would you do with them? Thank you

Last edited by postcd; 01-13-2020 at 08:34 AM.
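As an added worked example (not code from the thread or from any poster), the script below parses the two kinds of lines quoted above, the "[UFW BLOCK]" syslog line and the tcpdump IGMP line, and labels each for triage. The sample lines are constructed, modelled on the ones in the post (the MACs stay anonymised as AAA/BBB/CCC and are not parsed); the triage labels such as "igmp-all-hosts-from-lan" are this example's own names, not anything ufw prints. It assumes IP protocol number 2 is IGMP and that 224.0.0.1 is the all-hosts group, both of which are fixed by the protocol.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, modelled on the syslog and tcpdump output quoted in the
# thread (MAC addresses were anonymised as AAA/BBB/CCC there, so they are not parsed here).
SAMPLE_SYSLOG = [
    "raspberrypi kernel: [163349.859013] [UFW BLOCK] IN=eth0 OUT= MAC=AAA "
    "SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2",
    # constructed: an unrelated inbound TCP SYN from outside the LAN, for contrast
    "raspberrypi kernel: [163351.000000] [UFW BLOCK] IN=eth0 OUT= MAC=AAA "
    "SRC=203.0.113.7 DST=192.168.1.20 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
]
SAMPLE_TCPDUMP = (
    "14:52:01.423236 BBB > CCC, ethertype IPv4 (0x0800), length 60: "
    "192.168.1.1 > 224.0.0.1: igmp query v2 [max resp time 1] [gaddr 234.21.81.1]"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALL_HOSTS = ipaddress.ip_address("224.0.0.1")   # IGMP general queries go to the all-hosts group
UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\]\s+(?P<kv>.*)$")


def parse_ufw_line(line):
    """Turn a netfilter/ufw log line into a dict of KEY=value fields plus bare flags."""
    m = UFW_RE.search(line)
    if m is None:
        return None
    fields = {"action": m.group("action"), "flags": []}
    for token in m.group("kv").split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value                   # "OUT=" yields an empty string
        else:
            fields["flags"].append(token)          # DF, SYN, ACK, ...
    return fields


def from_lan(addr):
    """True for RFC 1918 addresses; an explicit check, since the stdlib's is_private is wider."""
    return any(addr in net for net in RFC1918)


def classify(fields):
    """Triage label for one parsed log line; the label names are this example's own."""
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    if fields.get("PROTO") == "2":                # IP protocol number 2 is IGMP
        if dst == ALL_HOSTS and from_lan(src):
            return "igmp-all-hosts-from-lan"
        return "igmp-other"
    if dst.is_multicast:
        return "multicast-non-igmp"
    return "unicast-from-lan" if from_lan(src) else "unicast-from-external"


TCPDUMP_IGMP_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): igmp (?P<msg>.*)$")


def parse_tcpdump_igmp(line):
    """Pull message type, group address and max-response time out of a tcpdump IGMP line."""
    m = TCPDUMP_IGMP_RE.search(line)
    if m is None:
        return None
    msg = m.group("msg")
    gaddr = re.search(r"\[gaddr (\S+)\]", msg)
    mrt = re.search(r"\[max resp time (\d+)\]", msg)
    info = {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "kind": re.sub(r"\s*\[[^\]]*\]", "", msg).strip(),   # e.g. "query v2"
        "gaddr": gaddr.group(1) if gaddr else None,
        "max_resp_time": int(mrt.group(1)) if mrt else None,
    }
    if info["kind"].startswith("query"):
        # IGMPv2: a query carrying a non-zero group address is group-specific;
        # a general query carries 0.0.0.0 (tcpdump then prints no gaddr).
        info["scope"] = "group-specific" if info["gaddr"] not in (None, "0.0.0.0") else "general"
    return info


def summarize(lines):
    """Count triage labels over a batch of log lines, skipping lines that are not ufw's."""
    counts = Counter()
    for line in lines:
        fields = parse_ufw_line(line)
        if fields is not None:
            counts[classify(fields)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_SYSLOG:
        f = parse_ufw_line(line)
        print(classify(f), f["SRC"], "->", f["DST"], "proto", f["PROTO"], "ttl", f["TTL"])
    print(parse_tcpdump_igmp(SAMPLE_TCPDUMP))
    print(dict(summarize(SAMPLE_SYSLOG)))
```

Run it with `python3 igmp_triage.py` (any file name); the first sample line lands in "igmp-all-hosts-from-lan", and the tcpdump line is recognised as a group-specific IGMPv2 query for 234.21.81.1. Two points for deciding what to do with such entries: ufw's default incoming policy is deny unless you change it, so after enabling ufw anything that is not explicitly allowed (here, only the rate-limited port 22) is dropped and logged regardless of what the INPUT chain policy shows; and a host that drops IGMP queries never answers membership reports, so on a LAN with IGMP-snooping switches it may stop receiving multicast groups it relies on (mDNS on 224.0.0.251, for instance). If nothing on the host uses multicast, dropping the queries only costs log noise.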
 
Old 01-13-2020, 09:16 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,800

Rep: Reputation: 8002
Quote:
Originally Posted by postcd View Post
Hi, on Raspbian 10, in /var/log/syslog I have seen lines like:
Code:
raspberrypi kernel: [163349.859013] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2
I found the command "tcpdump -p -n -e host 224.0.0.1"

and it reports lines like:
Code:
14:52:01.423236 BBB > CCC, ethertype IPv4 (0x0800), length 60: 192.168.1.1 > 224.0.0.1: igmp query v2 [max resp time 1] [gaddr 234.21.81.1]
BBB may be the MAC address of my LAN/WAN router, since the command "arp -a" shows the same kind of address next to my router IP. In the ufw manual I have found the following:
Code:
ufw deny in on eth0 to 224.0.0.1 proto igmp
This will deny all igmp traffic to 224.0.0.1 on the eth0 interface.
but I do not know if I want to block it. I am surprised it is blocked, since iptables -L showed no rules with default policy ACCEPT, and after installing the ufw firewall I only rate-limited port 22, so I would think everything else is allowed :-/

What do you think about these IGMP requests and what would you do with them? Thank you
Since you've been working with iptables and network routing for YEARS now, you should already know what IGMP is and why you would want to allow/deny it, and what it does. You're asking a question that has no real answer...if you want to block it, then do so. If you don't, then DON'T....we have no idea what your network is like, what your needs are, or what you're trying to accomplish.

And again, since you've been working with/asking about iptables for many years now, you know how the rules are processed...since you don't share your ruleset here, we again have no idea why/what is blocked or allowed.

Last edited by TB0ne; 01-13-2020 at 09:23 AM.
 
Old 03-10-2020, 03:08 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
https://superuser.com/questions/7394...n-attemps-mean

I'd think last answer is more of what you have.
 
Old 03-10-2020, 05:37 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,800

Rep: Reputation: 8002
Quote:
Originally Posted by jefro View Post
https://superuser.com/questions/7394...n-attemps-mean

I'd think last answer is more of what you have.
Yes, but there is no way to answer the OP's question in a meaningful way, which was, "What do you think about that igmp requests and what would you do with it?"

Based on the lack of information ("BBB may be the MAC address of my LAN/WAN router") (bolded for emphasis only), and not posting their existing rule-set, or even telling us what the actual problem/issue is ("but i do not know if i want to block it."), they seem to be asking for something there's not much way to answer, aside from supposition and guessing.

While you're probably right in that it's multicast, we can't really know, and the OP didn't post back any details. The only answer to their question would be, "It depends...is there a problem, and do you WANT to block it??"
 
Old 03-11-2020, 02:32 AM   #5
postcd
Member
 
Registered: Oct 2013
Posts: 527

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
https://superuser.com/questions/7394...n-attemps-mean

I'd think last answer is more of what you have.
You mean this answer that says the traffic is "IGMP Query packet sent by your local router to all devices on the subnet so it can update / refresh IP multicast group memberships." Also he says something about that traffic being "query/discovery packet but specifically for mDNS"; I am not sure how important this is.
 
Old 03-11-2020, 07:02 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,800

Rep: Reputation: 8002
Quote:
Originally Posted by postcd View Post
You mean this answer that says the traffic is "IGMP Query packet sent by your local router to all devices on the subnet so it can update / refresh IP multicast group memberships." Also he says something about that traffic being "query/discovery packet but specifically for mDNS"; I am not sure how important this is.
Since that was the post that dealt with IGMP, yes. And AGAIN:
  • You have not said what your actual problem is with this traffic
  • You have provided no details about your iptables rules
  • You have provided no details about your network
  • You have provided no details about your hardware/devices on your network
  • You have provided no details about what efforts YOU have put into solving your problem
Again, you're asking whether you should block it or not; the answer remains "That's up to you". That's YOUR network...you should know what devices are on it, and why they are doing what they're doing. We can't guess as to whether or not it's 'bad' that you have IGMP running or not. We can't guess as to your ruleset on blocking such things. We can't guess as to the problem(s) you may or may not be having. If it was a concern, you could have blocked that traffic in less time than it took you to post this thread and wait over a month to come back to check it.

Since you've been working with iptables for **YEARS** at this point, you should be well familiar with how to block traffic if you choose to. You have also been advised many, MANY times to show your own efforts, ask clear questions, and provide details, yet you again have not.
 
Old 03-11-2020, 03:02 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
On my home router I set all devices to keep the same DHCP address. I know that seems like static, but I have reasons. But still, in any DHCP config you have booting systems and systems that have IP lease changes, so I think you want it to allow that rule.

Turning it off and seeing what happens would be a very simple test.

Last edited by jefro; 03-11-2020 at 03:47 PM.
 