| Message ID | 20230425184009.3674-1-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | b5784fbc3308214852e3029bccca20e0f63f35a8 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Q5W5f4pMTz3xG6 for <patchwork@web04.haj.ipfire.org>; Tue, 25 Apr 2023 18:40:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Q5W5c5c0lz5c0; Tue, 25 Apr 2023 18:40:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Q5W5c3Q4Jz2yRn; Tue, 25 Apr 2023 18:40:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Q5W5Z6zyNz2xRt for <development@lists.ipfire.org>; Tue, 25 Apr 2023 18:40:18 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Q5W5Y4m7Lz119; Tue, 25 Apr 2023 18:40:17 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1682448017; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=BmDAa6vH8gkRfVYr6/Tr09IZD6XN/Bv9punfbwDRwY8=; b=LSzXvRuK02Y2c7VmjZ8dOH4lH9n6OpCDmPId3Jx0iPD0+/f0gEOFh/aI2xfgBJ3yekldfE jD7hF01guX+3TzDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1682448017; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=BmDAa6vH8gkRfVYr6/Tr09IZD6XN/Bv9punfbwDRwY8=; b=UMPp0DHwAaZDUGJF3VrbD+FztETrUYX4eQyf5EI+EFzC3t0pi6JbjFh5zA1DmkxOxMxJt4 U6gty6nWz94h8QftaqsmfrI/+KrrAGDmNtPCbCsg7cGsG6n5NR6dQSR6ueyAxfTQlhZUzs E8h2v5vFlQTosanCQsqk3wzTAobOYtSoA3B9wBGWJ6QWEYHHIVpNvgfhFjQQfCHmgnegvi CyMspi9g+2PnjL63k0+QaU3C6oQqYdfFP3DX087yTda0PVTWzVxw78S8KWG1pQhBZqJhCb JJ+OcML3DPFzTPtTJIxwIK2/+wJb/e/nhR3loHjqPT11UOfEzN0LGqr41sfqDA== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] firewall: Allow traffic from multicast networks Date: Tue, 25 Apr 2023 20:40:09 +0200 Message-Id: <20230425184009.3674-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
firewall: Allow traffic from multicast networks
|
|
Commit Message
Stefan Schantl
April 25, 2023, 6:40 p.m. UTC
The multicast network segment 224.0.0.0/4 is used for a lot of
different services provided by the local ISP's. (IPTV etc.)
We have to allow traffic from this networks when using one of
the BOGON blocklists in order to get those ISP services still
accessable.
https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
Fixes 13092.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/firewall/rules.pl | 1 +
1 file changed, 1 insertion(+)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 25 Apr 2023, at 19:40, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > The multicast network segment 224.0.0.0/4 is used for a lot of > different services provided by the local ISP's. (IPTV etc.) > > We have to allow traffic from this networks when using one of > the BOGON blocklists in order to get those ISP services still > accessable. > > https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml > > Fixes 13092. > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 6c08feb86..7edb910e2 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -55,6 +55,7 @@ my @PRIVATE_NETWORKS = ( > "172.16.0.0/12", > "192.168.0.0/16", > "100.64.0.0/10", > + "224.0.0.0/4", > ); > > # MARK masks > -- > 2.30.2 >
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 6c08feb86..7edb910e2 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -55,6 +55,7 @@ my @PRIVATE_NETWORKS = ( "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", + "224.0.0.0/4", ); # MARK masks