# PROTO=2 in firewall logs [solved]

## at

I am seeing these strange records in my firewall log:

*Quote:*

> FIREWALL UNKNOWN: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:1f:8F:19:90:b5:33:04 SRC=192.168.0.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF OPT (94040000) PROTO=2

The source machine with IP 192.168.0.1 appears to be my router, which is a Verizon FiOS router.

The messages come exactly every 2 minutes and 5 seconds.

Do you know what proto=2 is? And why is it sending these packets to 224.0.0.1?

Thank you!

Last edited by at on Thu Sep 11, 2008 1:53 am; edited 1 time in total

----------

## Sadako

According to /etc/protocols 2 is igmp, "internet group management protocol", I'll let you do the googling to find out wtf it's for.

What is 224.0.0.1?

What iptables rules are generating these log entries?

----------

## at

So I gather the router is trying to discover hosts who would like to participate in a multicast?

The firewall on the host currently logs and drops everything it does not expect - including these IGMP messages.

Do you think it is safe to let them in?

----------

## Hu

It may be safe, but if you do not need them, I suggest just adding a rule to drop them without logging them.  If everything works fine when you are dropping them, then you probably do not need them.

----------

## at

According to Verizon tech support, this is used to discover "set-top boxes" to broadcast television. (The Verizon FiOS router is used for internet, TV and telephone.)

So the discovery is completely useless unless FiOS TV is used.

Thank you guys for your help!

----------
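An added example, not part of the original thread: a small Python parser for the netfilter LOG line quoted in the first post, resolving the numeric PROTO field and decoding the OPT bytes. The function names and the short protocol table are assumptions made for this illustration, and the query check is a heuristic because the log line does not carry the IGMP message type.

```python
import ipaddress
import re

# Subset of the IANA protocol numbers that /etc/protocols lists.
PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}

# The log line quoted in the first post, embedded as sample input.
SAMPLE = (
    "FIREWALL UNKNOWN: IN=eth0 OUT= "
    "MAC=01:00:5e:00:00:01:00:1f:8F:19:90:b5:33:04 "
    "SRC=192.168.0.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 "
    "TTL=1 ID=0 DF OPT (94040000) PROTO=2"
)

def parse_log_line(line):
    """Split a netfilter LOG line into KEY=value fields plus the OPT hex."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", line)
    fields["OPT"] = opt.group(1).lower() if opt else ""
    return fields

def describe(line):
    """Turn the raw fields into the facts the thread was asking about."""
    f = parse_log_line(line)
    proto = f.get("PROTO", "")
    # Protocols without a dedicated log format are printed as a bare number.
    name = PROTO_NAMES.get(int(proto), "unknown") if proto.isdigit() else proto.lower()
    dst = ipaddress.ip_address(f["DST"])
    opt_bytes = len(f["OPT"]) // 2
    return {
        "proto": name,
        "multicast": dst.is_multicast,
        "all_hosts": str(dst) == "224.0.0.1",  # every host on the segment
        "ttl_one": f.get("TTL") == "1",        # never forwarded by a router
        # 0x94 0x04 = IP Router Alert option (RFC 2113), 4 bytes long.
        "router_alert": f["OPT"].startswith("9404"),
        # LEN is the IP total length: minus 20-byte header and options.
        "payload_len": int(f["LEN"]) - 20 - opt_bytes,
    }

def looks_like_igmp_general_query(line):
    """Heuristic: IGMP sent to the all-hosts group with TTL 1."""
    d = describe(line)
    return d["proto"] == "igmp" and d["all_hosts"] and d["ttl_one"]

if __name__ == "__main__":
    print(describe(SAMPLE))
    print("IGMP general query:", looks_like_igmp_general_query(SAMPLE))
```

The 8-byte payload matches the size of an IGMPv1/v2 message, which fits the periodic membership query the router sends to 224.0.0.1.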

