From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] firewall: Allow traffic from multicast networks
Date: Tue, 25 Apr 2023 20:40:09 +0200
Message-ID: <20230425184009.3674-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7921452656191833123=="
List-Id: <development.lists.ipfire.org>

--===============7921452656191833123==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

The multicast network segment 224.0.0.0/4 is used for a lot of
different services provided by the local ISP's. (IPTV etc.)

We have to allow traffic from this networks when using one of
the BOGON blocklists in order to get those ISP services still
accessable.

https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

Fixes 13092.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/firewall/rules.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 6c08feb86..7edb910e2 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -55,6 +55,7 @@ my @PRIVATE_NETWORKS = (
 	"172.16.0.0/12",
 	"192.168.0.0/16",
 	"100.64.0.0/10",
+	"224.0.0.0/4",
 );
 
 # MARK masks
-- 
2.30.2


--===============7921452656191833123==--