Bug 155326

Summary: SuSEfirewall2 logs dropped multicast packets by default
Product: [openSUSE] SUSE Linux 10.1
Reporter: Carl-Daniel Hailfinger <kernel01>
Component: Security
Assignee: Ludwig Nussel <lnussel>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: suse-beta
Version: Beta 5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Carl-Daniel Hailfinger 2006-03-05 20:06:33 UTC
In most large networks, there is more than one machine sending packets to multicast addresses. SuSEfirewall2 logs all of these packets, sometimes completely filling the rate limit with them. This masks more important firewall logs (connection attempts to port 22 etc.).

Suggestion: drop multicast packets quietly or at least with a very low and independent log rate limit.

Comment 1 Ludwig Nussel 2006-03-06 15:40:32 UTC
It uses a separate rule now, so the rate limit is independent of unicast UDP packets.
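
The masking effect discussed in this report, as an added example that is not part of the bug report and is not SuSEfirewall2's code: it models the iptables `limit` match as a token bucket and compares one shared log limit with a separate limit per traffic class. The 3/minute rate, the burst of 5, the traffic pattern and all names are assumptions chosen for illustration.

```python
class LimitMatch:
    """Token bucket modelled on the iptables `limit` match (rate plus burst)."""

    def __init__(self, per_minute, burst):
        self.per_second = per_minute / 60.0
        self.burst = burst
        self.tokens = float(burst)  # a fresh rule starts with full burst credit
        self.last = 0.0

    def allow(self, now):
        # Refill credit for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.per_second)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # packet reaches the LOG target
        return False      # packet is dropped without a log line


def simulate(events, limit_for):
    """Count logged packets per kind; limit_for(kind) names the limit it uses."""
    limits, logged = {}, {}
    for now, kind in sorted(events):
        name = limit_for(kind)
        if name not in limits:
            limits[name] = LimitMatch(per_minute=3, burst=5)  # assumed values
        if limits[name].allow(now):
            logged[kind] = logged.get(kind, 0) + 1
    return logged


# Constructed traffic: one multicast packet per second for ten minutes,
# plus one dropped connection attempt to port 22 per minute.
EVENTS = [(float(t), "multicast") for t in range(600)]
EVENTS += [(60 * m + 30.5, "ssh") for m in range(10)]


def shared_limit():
    # Every dropped packet competes for the same log budget.
    return simulate(EVENTS, lambda kind: "all-drops")


def separate_limits():
    # Multicast has its own rule, so it cannot exhaust the other budget.
    return simulate(EVENTS, lambda kind: kind)


if __name__ == "__main__":
    print("shared limit:   ", shared_limit())
    print("separate limits:", separate_limits())
```

With the shared limit, none of the ten port 22 attempts is logged because multicast traffic consumes every token as soon as it is refilled; with separate limits all ten are logged.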