Hi,
I'm constantly seeing this on my pf router.
rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query
[tos 0xc0] [ttl 1]
Rule 61 is:
@61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep
state (no-sync)
tcpdump on $ext_if shows:
$ext_gw > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] (id 59056, len 32,
optlen=4 IPOPT-148{4})
I guess pf has a problem with ip-option 148 which is router alert (rfc2113)
Is this normal? Why does it think it's bad?
Ext gateway is cisco (no under my control) which apparently is sending
this option.
G
