CFP v2.4.18.184 --> Network Control Rule 5

Hi :

I am new to CFP, I just installed v24.18.184, in the logs, I see the following entry:

Date/Time :2007-02-16 08:03:27
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.2
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Can someone explain, what it means.

In other words what is being blocked and why and what do I need to do if I want to unblock it ?

Thanks, in advance.

Matt

Hey there.

I don’t know if that source address refers to your computer or not, but any outbound IGMP traffic will be dropped.
The IGMP protocol was made to help users downstream online multimedia easier. Internet Group Management Protocol is used to receive online audio and video streams (eg. all that stuff you downstream from youtube.com). The 224.0.0.x is an address range reserved for this purpose only.
Normally you wouldn’t see this kind of firewall messages, so I’m wondering if you’re sharing your Internet connection with others (like ICS = Internet Connection Sharing)? If you want to allow outbound IGMP, which you normally wouldn’t need, you need to make a separate rule for it.

I hope this made some sense :slight_smile:

Thanks Triple Jolt.

The source IP is my machine and it is one of the three machines connected to a router wirelessly.

I see yet another log entry that I cannot explain, it is my machine reported to be connecting to my Gateway, I have allowed the access, but do not know what it actually means:

Date/Time :2007-02-16 09:44:27
Severity :Low
Reporter :Network Monitor
Description:Information (Access Granted, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.2
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Could you kindly help me decipher this one.

Thanks

Matt

The description field pretty much explains it all, but basically it means that an ICMP Port Unreachable was successfully sent to your router. If you check your Network Monitor rules, you’ll see a rule allowing this.
I think you’re Alert Frequency level is set too high, meaning you’ll see every unsolicited and every informational log entry which you don’t really need to see. You should lower it to prevent flooding your logs. Just a friendly FYI :slight_smile:

Info:
ICMP Port Unreachables are messages sent from your computer when its not listening to a requested port. Or if you are blocking inbound PINGs, eg not returning any Echo replies.