Can anyone tell me what the following is:
Sep 10 20:39:33 boss.<DOMAIN NAME> kernel: **FINAL_REJECT: IN=wlan2 OUT= MAC=01:00:5e:00:00:fb:00:09:b0:17:25:35:08:00 SRC=192.168.0.56 DST=224.0.0.251 LEN=394 TOS=0x00 PREC=0x00 TTL=255 ID=26914 DF PROTO=UDP SPT=5353 DPT=5353 LEN=374 **
I get THOUSANDS of these in my journalctl all the time - VERY difficult to find any “normal” entries. eg last boot was from about 16:00 to 20:40 (4 hours 40 mins) and there are 21,508 entries… about 99% are similar to above.
Thanks.
Assuming your machine’s IP address is 192.168.0.56,
Your machine is multi-casting.
If that isn’t your local machine, then you have a machine in your network that is multi-castiing.
Inspect your applications for typical multi-casting applications like VoIP, video conferencing, certain types of video resentations
I’d guess that if this is exactly what is happening,
You can run tcpdump or Wireshark to capture the UDP packets, then inspect the packet contents in Wireshark.
I’d also guess that mDNS wouldn’t be very common in ipV4 networks but possibly very probable in an IPv6 network.
No, that’s for used for discovering the MAC (link layer) address associated with a given IP address. I’m referring to Avahi for host/service discovery and name resolution using multicast DNS.
Discovery and dissemination of information by directed connections instead of broadcast protocols is more consistent with IPv6.
Hence my speculation…
TSU
Avahi uses mDNS and capable of working with both IPv4 and IPv6. (I have both configured in /etc/avahi/avahi-daemon.conf)
Sorry, have been away and out of touch…
That device (192.168.0.56), is actually a “clever” AV Reciever… (Pioneer VSX932) - does all sorts, including Chromecast, DLNA, etc.
Is there normally any way to turn that off?
Thanks.
Sorry, being not overly knowledgeable in these things, didn’t just mean “Is there normally any way to turn that off?”, but, yes, I still want the AVR to do all the tricky bits it does, but how can I stop it from filling the log…?
BTW, it’s not the ONLY thing appearing in the log, there are a number of other chromecast devices that appear, along with a number of other “smart” devices, but these never used to fill up the log… How do I clear these out so they don’t appear, and hence take up disk space…?
Thanks.
You can turn the logging off, either via a direct edit to /etc/firewalld/firewalld.conf file, or via the config utilities (firewall-config or firewall-cmd). The default is off, so not sure why you’re seeing them…
# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off
Restart firewalld once a change has been made for it to take effect.
Obviously I’m being confused by the terminology…
Would have thought that :
LogDenied=all
should deny all messages being written to the logfile, and
LogDenied=multicast
should deny all multicast messages being written to the logs…
Thanks.