From owner-freebsd-pf@FreeBSD.ORG Sun May 5 05:28:47 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5B13F67F for ; Sun, 5 May 2013 05:28:47 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-gg0-x22e.google.com (mail-gg0-x22e.google.com [IPv6:2607:f8b0:4002:c02::22e]) by mx1.freebsd.org (Postfix) with ESMTP id B59C76A for ; Sun, 5 May 2013 05:28:46 +0000 (UTC) Received: by mail-gg0-f174.google.com with SMTP id i2so472872ggn.33 for ; Sat, 04 May 2013 22:28:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=x-received:references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:x-mailer:from:subject:date :to; bh=L60Myc4QT4ZCXVZ89Do5+NyjyabpssTMMXNEfIioI10=; b=K99TEFs8ix9aRXmxBuTyr8+pvFEjhW0rVNdsZmE+9z2y872VskqokpMOUFIfFQ+iKG PuBK7I9gaE3tQq8QHjhd9zim1yh5HG9eSin652CSTnqwk98ojJKP5qevDnTrmlsK1lan o10PgTI9cPtDQemRs90Dzc0IVGWQBvr1VDbgM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:x-mailer:from:subject:date :to:x-gm-message-state; bh=L60Myc4QT4ZCXVZ89Do5+NyjyabpssTMMXNEfIioI10=; b=l7xD3jR5Vsc25aYvQeC6GG8H2APkgGdKZJiv8CECFOO1Gpx9jG2BSU5PYSsG8jCK/a VZ4JTS3oR/7rWcoYOdZcy2ywM4cuzWrVSpo5dKd5mQVjeTLieHrjh36AYm9ztVwm9G/a ip4F7e9QcxAKFZHJF+uZt43LSAKvuvcEudlQ2WzVHbXsAHai6JOkn8HFD/dFDytzH/qt FLQw5V9RcRt4hEMuWxSI6JOr2r+QDDd2v14Z/tovKfuJUT8Zi2OaLVAFH4eYqNkW0syA SM+sSovOUfWjKmhxPpU5THop04l3bVY1Mt5v6Orj/Fp2WC5UO1OjXUuNQ1ilRkOVxi3O GQ0g== X-Received: by 10.236.74.201 with SMTP id x49mr14659609yhd.80.1367731313999; Sat, 04 May 2013 22:21:53 -0700 (PDT) Received: from [192.168.30.77] (24-236-152-143.dhcp.aldl.mi.charter.com. [24.236.152.143]) by mx.google.com with ESMTPSA id w67sm36026244yhk.7.2013.05.04.22.21.51 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 04 May 2013 22:21:52 -0700 (PDT) References: <86C973B6-D12D-41AA-A1F9-D93E1C60856F@DataIX.net> <518510B6.8000309@smeets.im> Mime-Version: 1.0 (1.0) In-Reply-To: <518510B6.8000309@smeets.im> Message-Id: X-Mailer: iPhone Mail (10B329) From: Jason Hellenthal Subject: Re: IGMP with no matching rules Date: Sun, 5 May 2013 01:21:49 -0400 To: Florian Smeets X-Gm-Message-State: ALoCoQnhbrRq3okoNmv076BE5x3fLNj/35ZiEriSag+AU1yjJFocEZfkg8bW6yQ1pXcH08d0JcGf Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "freebsd-pf@FreeBSD.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 May 2013 05:28:47 -0000 Wow I can't believe I skipped over that option. pass quick proto igmp allow-opts Did it perfectly!!!! Thank you Florian -- Jason Hellenthal JJH48-ARIN -(2^(N-1)) On May 4, 2013, at 9:44, Florian Smeets wrote: > On 04.05.13 09:36, Jason Hellenthal wrote: >> Hey Everyone, >> >> Has anyone seen IGMP traffic hit there pflog interface even if there >> are no rules matching that tell it to log ? >> >> Anyone that has a pointer to eliminate the logging of the IGMP >> traffic would be extremely helpful. This has been fairly frustrating >> up to this point trying to either create a rule to catch it that does >> not specify logging or eliminate rules that shouldn't be matching but >> do. > > It would be easier to tell with your rule set, but I think this may be > related to IP options, look for allow-opts in pf.conf(5). > > Florian >