Date: Wed, 12 Jun 2002 15:05:23 -0600
From: Tillman Hodgson
To: freebsd-questions@freebsd.org
Subject: IPF, Multicast, and the zebra port
Message-ID: <20020612150523.A2969@seekingfire.com>

Howdy,

What's the proper way to firewall (using IPF) the multicast IPs (224.0.0.0/3) so that I can use OSPF on my FreeBSD 4.5-STABLE machine with the zebra port internally and over my IPSEC tunnels, while still keeping my external interface protected?

I'm fairly new to this whole multicast thing, and I'd like to get this right :-)

My existing configuration hits the default deny whenever ospfd tries to multicast (every 10 seconds). This is causing the following log message:

warnings: OSPF: *** sendto in ospf_write failed with No route to host

TIA,

- Tillman

--
1. Out of clutter, find simplicity.
2. From discord, find harmony.
3. In the middle of difficulty lies opportunity.
- Albert Einstein, Three rules of work