19

My router sends out multicast packets in regular intervals that are blocked by UFW's standard policies. These events are harmless but spam my syslogs and ufwlogs. I can't change the router's behaviour as that would require installing a modified firmware and thus void the warranty.

So my question is: Is there any way I can prevent UFW from logging this particular event without changing the blocking policies? And, as a possible follow-up: If I can't define a custom logging policy, would allowing this incoming traffic pose a possible security risk?

Glutanimate

1 Answer

24

Based on this answer from ServerFault,

ufw supports per rule logging. By default, no logging is performed when a packet matches a rule.

All you have to do is create a UFW deny rule to match those multicast packets.

John Siu
  • 7
    Well, that was much easier than I thought it would be. Dropped a simple `sudo ufw deny from SRC=192.168.178.1 to 224.0.0.1` and the log entries are gone. Thank you very much! – Glutanimate May 02 '13 at 14:38
  • `sudo ufw deny from 192.168.178.1 to 224.0.0.1` worked for me (ufw ver. 0.31.1-2) – Digger Aug 07 '18 at 22:04
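
The deny rule from the answer can be derived from the `[UFW BLOCK]` log lines themselves, as in this added example (not part of the original answer or comments). The log lines are constructed and the function names `sample_log` and `multicast_deny_rules` are hypothetical; the script strips the log's `SRC=`/`DST=` prefixes, keeps only multicast destinations (224.0.0.0/4), and prints candidate commands for review without calling ufw.

```shell
#!/bin/sh
# Added example: turn [UFW BLOCK] log lines into candidate silent deny rules.
# It only prints the commands so they can be reviewed before being applied.

# Constructed sample log lines (not taken from the original post).
sample_log() {
cat <<'EOF'
May  2 14:01:10 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01 SRC=192.168.178.1 DST=224.0.0.1 LEN=32 TOS=0x00 PROTO=2
May  2 14:03:15 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01 SRC=192.168.178.1 DST=224.0.0.1 LEN=32 TOS=0x00 PROTO=2
May  2 14:04:02 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=203.0.113.9 DST=192.168.178.20 LEN=60 PROTO=TCP SPT=40000 DPT=22
May  2 14:05:00 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb SRC=192.168.178.1 DST=224.0.0.251 LEN=70 PROTO=UDP SPT=5353 DPT=5353
EOF
}

# Reads log lines on stdin, prints one "ufw deny" command per unique
# source/multicast-destination pair. Unicast blocks are left alone so
# they keep being logged by the default policy.
multicast_deny_rules() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)   # drop the "SRC=" prefix
            if ($i ~ /^DST=/) dst = substr($i, 5)   # drop the "DST=" prefix
        }
        # Strict dotted-quad check: nothing else from the log reaches the command.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (dst !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(dst, o, ".")
        if (o[1] + 0 < 224 || o[1] + 0 > 239) next  # 224.0.0.0/4 only
        key = src " " dst
        if (!(key in seen)) {
            seen[key] = 1
            print "sudo ufw deny from " src " to " dst
        }
    }'
}

# Demo on the constructed sample; on a real host, feed the ufw log on stdin.
sample_log | multicast_deny_rules
```

Because these rules carry no `log` keyword, packets matching them are dropped without a log entry, while the blocked unicast packet in the sample still falls through to the logged default policy.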