> I now just checked the files and all were filled with a "0".
Is it working now? Have you received abuse messages?
Then I let Hetzner re-evaluate my issue and got the message that my issue is not resolved.
Yes, I did restart the node.
ebtables -I OUTPUT -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-O" --log-ip -j CONTINUE
ebtables -I FORWARD -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-F" --log-ip -j CONTINUE
> Is it working now? Have you received abuse messages?
I currently did not receive any abuse message after one week of having this installed.
> I currently did not receive any abuse message after one week of having this installed.
Have you rebooted the server?
> Now, the problem is back after I upgraded an LXC with Debian 10.5 to 10.10 (and rebooted the LXC; reboots on 10.5 make no problems). I can find the problematic MAC with "ip add" on the fwln100i0@fwpr100p0 bridge. But it's strange: with the Hetzner Robot Firewall enabled there is no traffic to find with tcpdump.
Thanks for the report, I'll check if lxc + debian 10.10 could send some strange packet at reboot.
@spirit I will try your ebtables.
ebtables log:
Oct 6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2
# tcpdump -e -i eno1 igmp
09:53:23.914825 22:5f:0b:cb:ac:42 (oui Unknown) > 01:00:5e:00:00:16 (oui Unknown), ethertype IPv4 (0x0800), length 54: 0.0.0.0 > igmp.mcast.net: igmp v3 report, 1 group record(s)
^C
> Can you try:
> echo 0 > /proc/sys/net/ipv4/igmp_link_local_mcast_reports
> ?
> It's fixing the IGMP packets sent on CT stop/start for me.
Thanks, I will try it soon.
# cat /proc/sys/net/ipv4/igmp_link_local_mcast_reports
1
# interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address xxx.xxx.xxx.xxy/32
# --- BEGIN PVE ---
post-up ip route add xxx.xxx.xxx.xxx dev eth0
post-up ip route add default via xxx.xxx.xxx.xxx dev eth0
pre-down ip route del default via xxx.xxx.xxx.xxx dev eth0
pre-down ip route del xxx.xxx.xxx.xxx dev eth0
# --- END PVE ---
iface eth0 inet6 static
address xxxx:xxxx:xxxx:xxxx::y/64
gateway xxxx:xxxx:xxxx:xxxx::x
auto net1
iface net1 inet static
address yyy.yyy.yyy.yy/24
> ebtables -I OUTPUT -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-O" --log-ip -j CONTINUE
> ebtables -I FORWARD -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-F" --log-ip -j CONTINUE
I have rebooted the server two times and at the moment, no abuse messages.
> ebtables -I OUTPUT -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-O" --log-ip -j CONTINUE
> ebtables -I FORWARD -o <physical interface> --among-src ! <mac1,mac2,mac3....> --log-level info --log-prefix "MAC-FLOOD-F" --log-ip -j CONTINUE
Problem unsolved.
The support reported to me that it is still answering to an unallowed MAC address.
Bye bye server.
Good luck.
> I have rebooted the server two times and at the moment, no abuse messages.
The ebtables rules don't block anything, they only log to /var/log/messages; it would be great if you could check whether you have some of them and send them.
> The ebtables rules don't block anything, they only log to /var/log/messages; it would be great if you could check whether you have some of them and send them.
I mean:
ebtables -I FORWARD -o enp2s0 -p IPv4 --among-src ! 00:50:56:15:14:e5,d4:3d:7e:da:f0:03 --log-level info --log-prefix "MAC-FLOOD-F" --log-ip -j DROP

> I mean:
You need to remove "-p IPv4", or it's not blocking IPv6 or other layer 2 protocols like ARP, ...
> You need to remove "-p IPv4", or it's not blocking IPv6 or other layer 2 protocols like ARP, ...
It doesn't work anyway. Do you use the 7 or the 6?
> Do you use the 7 or the 6?
I'm testing with 7 currently (but the ebtables rules are the same).
> It doesn't work anyway.
Without the "-p IPv4"?
ebtables -I FORWARD -o enp2s0 --among-src ! 00:50:56:15:14:e5,d4:3d:7e:da:f0:03 --log-level info --log-prefix "MAC-FLOOD-F" --log-ip -j DROP
net.ipv4.igmp_link_local_mcast_reports = 0
In combination with the Hetzner Robot Firewall it looks good; I tried to restart CTs (and also update from 10.5 to 10.10) on different hosts. No new abuse message.

> No new abuse message.
You need to ask the support for manual verification, otherwise it can happen randomly ...
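The logging rule discussed in this thread produces kernel log lines like the MAC-FLOOD-F line posted above, but turning such a line back into "which guest sent that frame" is still manual work. The shell helpers below are an added example, not code from the thread, from Proxmox or from Hetzner: they print the two logging rules for a given uplink and comma-separated MAC allowlist (dry run, nothing is applied), parse a MAC-FLOOD-* log line into source MAC, bridge port and destination MAC, check the MAC against the allowlist, and derive the guest id from the Proxmox port name. The assumption that fwpr<ID>p0, fwln<ID>i0, tap<ID>i0 and veth<ID>i0 embed the VM/CT id as the first run of digits is mine; the sample log line is the one posted in the thread, and the interface name and allowlist MACs are constructed values.

```shell
#!/bin/sh
# Added example, not from the thread: helpers around the ebtables logging rule
# discussed above. Nothing here calls ebtables; the rules are only printed.

# Print the two logging rules (OUTPUT and FORWARD) for a physical uplink and a
# comma-separated allowlist of guest MACs. "-j CONTINUE" only logs, so this is
# safe to apply first; switch to "-j DROP" once the log shows no false positives.
build_mac_flood_rules() {
    phys_if="$1"        # e.g. eno1 (constructed value in the demo below)
    allowed_macs="$2"   # e.g. aa:bb:cc:dd:ee:01,aa:bb:cc:dd:ee:02 (constructed)
    for chain in OUTPUT FORWARD; do
        # one-letter suffix (O / F) keeps the thread's MAC-FLOOD-O / MAC-FLOOD-F prefixes
        suffix=$(printf '%s' "$chain" | cut -c1)
        printf 'ebtables -I %s -o %s --among-src ! %s --log-level info --log-prefix "MAC-FLOOD-%s" --log-ip -j CONTINUE\n' \
            "$chain" "$phys_if" "$allowed_macs" "$suffix"
    done
}

# Parse one MAC-FLOOD-* kernel log line into "<src mac> <in port> <dst mac>".
# The IN= port is the bridge port the frame came from, which identifies the guest.
# Prints nothing for lines that are not MAC-FLOOD log lines.
parse_mac_flood_line() {
    printf '%s\n' "$1" | sed -n \
        's/.*MAC-FLOOD-[OF] IN=\([^ ]*\) OUT=[^ ]* MAC source = \([0-9a-fA-F:]*\) MAC dest = \([0-9a-fA-F:]*\).*/\2 \1 \3/p'
}

# Assumption about Proxmox port naming: fwpr<ID>p0, fwln<ID>i0, tap<ID>i0 and
# veth<ID>i0 all embed the VM/CT id as the first run of digits in the name.
guest_id_from_port() {
    printf '%s\n' "$1" | sed -n 's/^[a-zA-Z]*\([0-9][0-9]*\).*/\1/p'
}

# Return 0 if the MAC is in the comma-separated allowlist, 1 otherwise.
mac_allowed() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Demo on the log line posted in the thread; the allowlist is constructed.
SAMPLE_LOG='Oct 6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2'
ALLOWLIST='aa:bb:cc:dd:ee:01,aa:bb:cc:dd:ee:02'

build_mac_flood_rules eno1 "$ALLOWLIST"
set -- $(parse_mac_flood_line "$SAMPLE_LOG")
src_mac=$1; in_port=$2
if mac_allowed "$src_mac" "$ALLOWLIST"; then
    echo "$src_mac on $in_port is in the allowlist (false positive, check the list)"
else
    echo "$src_mac on $in_port is not allowed; guest id $(guest_id_from_port "$in_port")"
fi
```

Run it as `sh script.sh` and feed real lines with `journalctl -k | grep MAC-FLOOD | while read -r line; do parse_mac_flood_line "$line"; done` once the functions are sourced; the guest id from the IN= port is what you need to look up in Proxmox to find which VM or CT has a NIC with that MAC, as the IGMP report from 0.0.0.0 above shows a guest-side kernel speaking with its own MAC on the uplink.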