# Unknow entry in IPFW log



## Gerard (Apr 28, 2010)

Using FreeBSD-8/amd64

I am in the process of setting up an IPFW firewall. It appears to be working correctly; however, I am finding this in the security.log file:


```
Apr 28 12:35:50 scorpio kernel: ipfw: 4400 Deny P:2 192.168.1.1 224.0.0.1 in via nfe0
```

This appears to be from the catchall deny rule. I cannot find any documentation on what the "P:2" notation means. x(

Also, should "224.0.0.1" be blocked? I tried Googling and found several listings indicating that it should be allowed? Is that correct? :q

Thanks! :beergrin


----------



## SirDice (Apr 28, 2010)

224.0.0.1 is multicast. Most likely sent by a (cisco) switch on your network. Just leave it blocked.


----------



## phoenix (Apr 28, 2010)

Checking /etc/protocols shows P:2 (protocol) to be IGMP, the Internet Group Management Protocol, which is used on multicast networks.  224.0.0.0 is used for multicast.  Thus, there's something on your network trying to use multicast.

If your host is not part of a multicast group, then you can ignore that deny rule.
If your host should be part of a multicast group, then you'll need to allow traffic to/from 224.0.0.0 subnet.


----------

