From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue, 25 Apr 2023 18:40:09 +0000 (+0200)
Subject: firewall: Allow traffic from multicast networks
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;ds=sidebyside;h=b5784fbc3308214852e3029bccca20e0f63f35a8;p=people%2Fpmueller%2Fipfire-2.x.git

firewall: Allow traffic from multicast networks

The multicast network segment 224.0.0.0/4 is used for a lot of
different services provided by the local ISP's. (IPTV etc.)

We have to allow traffic from this networks when using one of
the BOGON blocklists in order to get those ISP services still
accessable.

https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

Fixes 13092.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 6c08feb863..7edb910e2d 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -55,6 +55,7 @@ my @PRIVATE_NETWORKS = (
 	"172.16.0.0/12",
 	"192.168.0.0/16",
 	"100.64.0.0/10",
+	"224.0.0.0/4",
 );
 
 # MARK masks