Block Multicast traffic with Bridge configuration?

Sakis

Active Member
Aug 14, 2013
121
6
38
Hello,

I would like to ask if there is a way to block all multicast traffic coming to specific bridge in a Proxmox node. We can accomplish this at the moment with switch settings and acl. But a node level configuration would be more efficient and "dummy" for all clusters regardless networking hardware.

If not in linux bridge configuration how can we accomplish it alternatively?
Ebtables? Iptables? Arptables? Proxmox firewall settings in node level? Configuration regarding igmp in /sys/dev?

Regards,
Sakis
 
Thank you. This is were we were focusing also.

We will try values in
/sys/devices/virtual/net/vmbr1/bridge/multicast_snooping
/sys/devices/virtual/net/vmbr1/bridge/multicast_router
/sys/devices/virtual/net/vmbr1/bridge/multicast_querier etc.

It seems that they are integrated in network configuration also:
https://manpages.debian.org/stretch/ifupdown2/ifupdown-addons-interfaces.5.en.html

bridge-mcsnoop 0-1
bridge-mcquerier 0-1
bridge-mcrouter 0-1

We will give it a try and update here.
 
The ifupdown2 is not installed on PVE, rather the ifupdown package.
 
A small update.

I configured the interface in /etc/network/interfaces and added bridge-mcrouter 0.
Restarted the node.
After successfully booting the node I can see that the value of /sys/devices/virtual/net/vmbr0/bridge/multicast_router is still 1.
Checked multicast traffic on a VM in this node and is still receiving it.

Indeed seems like these options doesn't work. The only way to block multicast traffic from reaching all bridges is with configuration in switch.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!