On Thu, Jan 21, 2016 at 12:27:06PM +0200, Kapetanakis Giannis wrote:
> Hi,
>
> I'm constantly seeing this on my pf router.
> rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query [tos
> 0xc0] [ttl 1]
>
> Rule 61 is:
> @61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep state
> (no-sync)
>
> tcpdump on $ext_if shows:
> $ext_gw > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] (id 59056, len 32,
> optlen=4 IPOPT-148{4})
>
> I guess pf has a problem with ip-option 148 which is router alert (rfc2113)
> Is this normal? Why does it think it's bad?
>
> Ext gateway is cisco (no under my control) which apparently is sending this
> option.
>
> G
Multicast traffic is black-holed by default.
You may want to set multicast_host=Yes in /etc/rc.conf.local.
See the MULTICAST ROUTING section in the netstart(8) man page.
