Bug 13092

Summary: IPTV protocol blocked by Bogon Blocklist
Product: IPFire Reporter: cfusco <carlo.fusco>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED FIXED QA Contact: Peter Müller <peter.mueller>
Severity: Minor Usability    
Priority: Will affect all users CC: peter.mueller, stefan.schantl
Version: 2   
Hardware: all   
OS: All   

Description cfusco 2023-04-25 15:42:41 UTC 
The IGMP traffic coming from IGMPPROXY, directed to my provider IP addresses for multicast IPTV, is filtered out by BLACKLIST BOGON blocklist.

When I try to open a TV channel the stream does not work. 
Here the logs showing how the forwarded packets going from my IP to a multicast IP address (224.0.0.0/4) with protocol 2 (I assume IGMP) are filtered by BOGON. If I remove the BOGON filter, the IPTV stream works perfectly fine.

--- logs ---
Apr  9 10:40:54 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 
Apr  9 10:40:56 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 
Apr  9 10:41:12 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.2 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 
Apr 10 08:10:18 ipfire kernel: BLKLST_BOGON IN= OUT=red0 SRC=[censored] DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
--- logs ---

Tested in a beta version of 174.
Comment 1 Stefan Schantl 2023-04-25 18:43:14 UTC 
Hello cfusco,

thanks for reporting.

I've sent a patch to our development mailing list to fix this issue.

https://patchwork.ipfire.org/project/ipfire/patch/20230425184009.3674-1-stefan.schantl@ipfire.org/

Please test and report back if this solves the problem.

Thanks in advance and best regards,

-Stefan
Comment 4 cfusco 2023-05-29 08:07:14 UTC 
I finally tested the patch and I can confirm that it fixes completely the problem. Thank you to all developers and contributors to IPFire project.