I'm using IP filter on a Sun workstation (IP 192.168.1.9) and see the firewall is blocking various hosts to 192.168.1.255 port 138. Note this machine is not a router, so really no machine on the network should rely on this one even being running.
Anyway, this is my ipfilter log, showing data from 192.168.1.101 (a PC) port 138 and 192.168.1.128 (another PC) going to 192.168.1.255 (this is not any machine as such).
I think there was
the following in the log from various local hosts
23/03/2009 12:58:44.000795 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast 23/03/2009 13:04:16.665658 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 240 IN multicast 23/03/2009 13:14:16.667128 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 240 IN multicast 23/03/2009 13:17:28.791530 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 244 IN multicast 23/03/2009 13:18:18.926805 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast 23/03/2009 13:22:43.225333 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicastI tried creating some rules to allow this, but for some reason it is still being blocked.
pass out quick on eri0 proto udp from 192.168.1.9 to 192.168.1.255 pass out quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137 pass in quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137
So I'm not sure if it's best to allow these packets or stop them. If its better to allow them, which is a suitable firewall rule for ipfilter?