Ubuntu – Problems allowing outgoing multicast in ufw

firewall iptables networking ufw

I am having problems configuring the uncomplicated firewall (ufw) to allow outgoing multicast traffic. I am blocking all incoming and outgoing connections as the default policy. I have supplemented with the rules listed below. Yet, I get these error messages repeated twice every time I boot the system:

Errors (repeated twice on boot-up):

[UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.2 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2

[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:feee:feee:feee DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0

[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54 DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0

Main rules:

ufw allow out proto udp to 224.0.0.0/3
ufw allow out proto udp to ff00::/8
ufw allow in  proto udp to 224.0.0.0/3
ufw allow in  proto udp to ff00::/8

in

/etc/ufw/user.rules:
-A ufw-before-input  -p igmp -d 224.0.0.0/3 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/3 -j ACCEPT

and in

/etc/ufw/user6.rules:
-A ufw6-before-input  -p icmpv6 -d ff00::/8 -j ACCEPT
-A ufw6-before-output -p icmpv6 -d ff00::/8 -j ACCEPT

Best Answer

SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54
DST=ff02:0000:0000:0000:0000:0000:0000:0016

I think that these numbers must be within the number ff00::/8. I don't know if they are.

Or maybe you want to try the rules from "My UPnP player can not see MediaTomb, what is wrong?". Though they are for a need that seems the inverse...
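The range check the answer leaves open, as an added example that is not part of the original question or answer: it parses the three logged packets and evaluates them against the rules quoted in the question, assuming a rule matches on direction, protocol and destination network only. `RULES`, `PROTO_NAMES`, `parse` and `matching_rules` are names introduced here.

```python
import ipaddress
import re

# Rules quoted in the question: (direction, protocol, destination network).
RULES = [
    ("out", "udp", "224.0.0.0/3"), ("out", "udp", "ff00::/8"),
    ("in", "udp", "224.0.0.0/3"), ("in", "udp", "ff00::/8"),
    ("in", "igmp", "224.0.0.0/3"), ("out", "igmp", "224.0.0.0/3"),
    ("in", "icmpv6", "ff00::/8"), ("out", "icmpv6", "ff00::/8"),
]
# PROTO= holds a name or an IANA protocol number (2 is IGMP).
PROTO_NAMES = {"1": "icmp", "2": "igmp", "6": "tcp", "17": "udp", "58": "icmpv6"}

# The three log lines from the question, copied unchanged.
LOG_LINES = [
    "[UFW BLOCK] IN= OUT=eth0 SRC=192.168.0.2 DST=224.0.0.22 LEN=40 "
    "TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2",
    "[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:feee:feee:feee "
    "DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=56 TC=0 HOPLIMIT=255 "
    "FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0",
    "[UFW BLOCK] IN= OUT=eth0 SRC=fe80:0000:0000:0000:f66d:04ff:feee:df54 "
    "DST=ff02:0000:0000:0000:0000:0000:0000:0016 LEN=96 TC=0 HOPLIMIT=1 "
    "FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0",
]


def parse(line):
    """Return (direction, protocol, destination address) for one log line."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    # Locally generated packets have an empty IN= and a populated OUT=.
    direction = "out" if fields.get("OUT") else "in"
    proto = PROTO_NAMES.get(fields["PROTO"], fields["PROTO"].lower())
    return direction, proto, ipaddress.ip_address(fields["DST"])


def matching_rules(line):
    """List the quoted rules whose direction, protocol and range fit the packet."""
    direction, proto, dst = parse(line)
    hits = []
    for rule in RULES:
        net = ipaddress.ip_network(rule[2])
        if rule[:2] == (direction, proto) and net.version == dst.version and dst in net:
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for line in LOG_LINES:
        direction, proto, dst = parse(line)
        print(f"{direction} {proto} {dst}: {matching_rules(line) or 'no rule matches'}")
```

All three destinations fall inside the ranges the rules name, and only the igmp and icmpv6 rules fit the logged protocols; the four udp rules match none of these packets.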
