From: Bruce M Simpson
Date: Wed, 26 Mar 2008 11:06:24 +0000
To: FreeBSD-Net mailing list
Cc: dhartmei@FreeBSD.org
Subject: CALL FOR FEEDBACK: IGMP and PF interoperability
Message-ID: <47EA2E30.9010806@incunabulum.net>

It has come to my attention that the default configuration of PF in FreeBSD will block legitimate outgoing IGMP messages. PF is currently not the default firewall in FreeBSD.
Anyone using multicast in any way, even for link-scope multicasts (224.x.x.x/24), will be affected by this issue if they use PF as their firewall.

This issue was described in this thread:
http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002259.html

The documentation does state that allow-opts needs to be specified explicitly -- there is no fine-grained control for the IPv4 options actually filtered, however, and currently the IP Router Alert option is handled in the main path in all BSD-derived systems.

Please let me know if you have encountered this issue, so that we can get started on a workaround.

cheers
BMS
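Added example, not part of the original message: a small Python parser that shows why an IGMP packet runs into a firewall check on IPv4 options, using an IGMPv2 membership report that carries the IP Router Alert option. The packet is constructed (placeholder addresses, checksums left at zero), and `needs_allow_opts` models PF's default as "any IPv4 header longer than 20 bytes", which is an assumption of this sketch rather than PF's own code.

```python
import struct

IPPROTO_IGMP = 2
IPOPT_EOL, IPOPT_NOP, IPOPT_RA = 0, 1, 148  # Router Alert = 0x94 (RFC 2113)

def ipv4_options(packet: bytes):
    """Return (protocol, [option types]) parsed from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    area, opts, i = packet[20:ihl * 4], [], 0
    while i < len(area) and area[i] != IPOPT_EOL:
        if area[i] == IPOPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise ValueError("malformed IP option")
        opts.append(area[i])
        i += area[i + 1]
    return packet[9], opts

def needs_allow_opts(packet: bytes) -> bool:
    """Assumption of this sketch: PF's default treats any IPv4 header longer
    than 20 bytes as 'has options' and requires allow-opts on the pass rule."""
    ipv4_options(packet)                  # validate before judging
    return (packet[0] & 0x0F) > 5

def sample_igmp_report(router_alert: bool = True) -> bytes:
    """Constructed IGMPv2 membership report; checksums left at zero."""
    opts = bytes([IPOPT_RA, 4, 0, 0]) if router_alert else b""
    group = bytes([224, 0, 0, 251])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(opts) // 4), 0xC0,
                      28 + len(opts), 0, 0, 1, IPPROTO_IGMP, 0,
                      bytes([192, 0, 2, 10]), group)
    igmp = struct.pack("!BBH4s", 0x16, 0, 0, group)
    return hdr + opts + igmp

if __name__ == "__main__":
    for ra in (True, False):
        pkt = sample_igmp_report(ra)
        proto, opts = ipv4_options(pkt)
        print(f"proto={proto} options={opts} needs allow-opts: {needs_allow_opts(pkt)}")
```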