# pflog igmp query



## gpatrick (Sep 25, 2010)

These are filling up my pflog.  Does anyone know what the igmp query to 224.0.0.1 is that is being blocked?

```
Sep 25 10:44:27.449076 rule 12/(match) block in on axe0: 70.182.200.1 > 224.0.0.1: igmp query [ttl 1]
```


----------



## kpa (Sep 25, 2010)

http://en.wikipedia.org/wiki/IGMP
You can ignore that traffic, make a separate rule for blocking the traffic with no log keyword if you don't like it filling your logs.


----------



## SIFE (Sep 28, 2010)

Add this to your rules :

```
pass in on $ext_if proto igmp all allow-opts
```


----------



## jtom (Jan 10, 2012)

gpatrick said:
			
		

> These are filling up my pflog.  Does anyone know what the igmp query to 224.0.0.1 is that is being blocked?
> 
> ```
> Sep 25 10:44:27.449076 rule 12/(match) block in on axe0: 70.182.200.1 > 224.0.0.1: igmp query [ttl 1]
> ```



An IGMP Query is a particular IGMP message sent by a router periodically to check if there are hosts on that particular LAN segment interested to receive multicast traffic. 224.0.0.1 represents all multicast hosts and it is part of the local multicast addresses not routable in the internet. Simpler said your ISP probably has multicast enabled and you can filter it if you are not planning on using multicast.


----------

