Bug 155326 - SuSEfirewall2 logs dropped multicast packets by default
Status: RESOLVED FIXED
Alias: None
Product: SUSE Linux 10.1
Classification: openSUSE
Component: Security
Version: Beta 5
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Ludwig Nussel
QA Contact: E-mail List
Reported: 2006-03-05 20:06 UTC by Carl-Daniel Hailfinger
Modified: 2006-03-06 15:40 UTC (History)
Found By: Development
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Carl-Daniel Hailfinger 2006-03-05 20:06:33 UTC
In most large networks, there is more than one machine sending packets to multicast addresses. SuSEfirewall2 logs all of these packets, sometimes completely filling the rate limit with them. This masks more important firewall logs (connection attempts to port 22 etc.).

Suggestion: drop multicast packets quietly or at least with a very low and independent log rate limit.
Comment 1 Ludwig Nussel 2006-03-06 15:40:32 UTC
It uses a separate rule now so the rate limit is independent of unicast UDP packets.
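
The masking effect described in this report, as an added example that is not part of the bug report or of SuSEfirewall2's code: a simplified token-bucket model of a log rate limit, run once with a single bucket shared by all dropped packets and once with a separate bucket for multicast. The rate (3/minute), burst (5) and the traffic pattern are assumed, constructed values.

```python
from collections import Counter

MS_PER_MIN = 60_000

class TokenBucket:
    """Simplified log rate limiter: `burst` log lines at once, refilled at `rate_per_min`."""
    def __init__(self, rate_per_min, burst):
        self.rate = rate_per_min
        self.cap = burst * MS_PER_MIN      # integer credit avoids float drift
        self.credit = self.cap
        self.last_ms = 0

    def allow(self, now_ms):
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.credit >= MS_PER_MIN:      # one log line costs one minute/rate of credit
            self.credit -= MS_PER_MIN
            return True
        return False

def constructed_traffic():
    """Constructed sample: 2 dropped multicast packets per second for 2 minutes,
    plus 3 dropped connection attempts to port 22."""
    multicast = [(i * 500, "multicast") for i in range(240)]
    ssh = [(t, "unicast-ssh") for t in (30_250, 60_250, 90_250)]
    return sorted(multicast + ssh)

def logged_lines(events, bucket_for):
    """Count which dropped packets actually produce a log line."""
    counts = Counter()
    for now_ms, kind in events:
        if bucket_for[kind].allow(now_ms):
            counts[kind] += 1
    return counts

def shared_limit():
    # One bucket for everything: multicast drains it before the SSH drops arrive.
    bucket = TokenBucket(3, 5)
    return logged_lines(constructed_traffic(),
                        {"multicast": bucket, "unicast-ssh": bucket})

def separate_limits():
    # Independent bucket for multicast: its noise no longer starves other log lines.
    return logged_lines(constructed_traffic(),
                        {"multicast": TokenBucket(3, 5), "unicast-ssh": TokenBucket(3, 5)})

if __name__ == "__main__":
    print("shared:  ", dict(shared_limit()))
    print("separate:", dict(separate_limits()))
```

With the shared bucket none of the port 22 drops are logged; with independent buckets all three are, while the multicast log volume stays the same.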