No. I want DD-WRT to either filter/drop/block or functionally-break all inbound, outbound, WAN and LAN multicast packets or at least reduce all inbound, outbound, WAN and LAN multicast traffic.
In DD-WRT (v44809 3.X with Kernel 4.4) I enabled:
- Shortcut Forwarding Engine
- Multicast Filtering (WAN)
- IGMP Snooping (VLAN1)
- PBR (LAN Interface) Catch All P2P Protocols
- PBR (LAN Interface) to filter/drop/block ICMP, all TCP and UDP ports (except for DNS, NTP, HTTP, HTTPS, required VPN bootstrap, and VPN ports).
In PC OS I set software firewall to block:
- All inbound traffic
- All outbound ICMP, IGMP, TCP and UDP ports (except for DNS, NTP, HTTP, HTTPS, required VPN bootstrap, and VPN ports)
From what I understand, my software firewall prevents inbound and outbound multicast packets from reaching LAN, and DD-WRT settings prevent inbound and outbound multicast traffic from reaching WAN, but I am confused about IGMP Snooping for VLAN1. Does it snoop on IGMP traffic coming from PC to LAN or does it snoop on IGMP traffic coming from WAN to LAN?
Posted: Sun Nov 22, 2020 15:20
Your PC or IPTV box sends a request to join the Multicast Group. Igmpproxy then only forwards the multicast to those interfaces that have nodes that have requested it. When the last client leaves the group, forwarding is stopped on that interface.
That did not answer my question though... IGMP Proxy is not the same as IGMP Snooping... Both of them are supposed to reduce IGMP traffic and allow it to communicate only with devices that use IGMP multicast signals.
It is possible that "Filter Multicast" is enough to prevent inbound multicast packets from reaching the DD-WRT router. If that is so, then what happens if both "Filter Multicast" and "IGMP Snooping" are enabled?
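A minimal model of the join/leave tracking described in the igmpproxy reply above, added here as an example; it is not part of the thread and is not DD-WRT or igmpproxy code. It parses IGMPv2 messages (RFC 2236 layout) seen on a port and keeps the kind of per-group port table that decides where multicast is forwarded; the port names, `SnoopingTable` and the sample messages are constructed for illustration.

```python
import struct
from collections import defaultdict

# IGMPv2 message types (RFC 2236)
QUERY, REPORT_V2, LEAVE = 0x11, 0x16, 0x17

def checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Construct an 8-byte IGMPv2 message (helper for sample input)."""
    grp = bytes(int(o) for o in group.split("."))
    body = struct.pack("!BBH4s", msg_type, 0, 0, grp)
    return struct.pack("!BBH4s", msg_type, 0, checksum(body), grp)

def parse_igmp(raw: bytes):
    """Return (type, group), or None if length or checksum is wrong."""
    if len(raw) != 8 or checksum(raw) != 0:
        return None
    msg_type, _, _, grp = struct.unpack("!BBH4s", raw)
    return msg_type, ".".join(str(b) for b in grp)

class SnoopingTable:
    """Tracks which ports have members of which multicast group."""
    def __init__(self):
        self.members = defaultdict(set)  # group -> set of ports

    def observe(self, port: str, raw: bytes) -> None:
        parsed = parse_igmp(raw)
        if parsed is None:
            return  # corrupt messages never change forwarding state
        msg_type, group = parsed
        if msg_type == REPORT_V2:
            self.members[group].add(port)
        elif msg_type == LEAVE:
            # Simplification: real devices send a group-specific query
            # and prune only if no other member on the port answers.
            self.members[group].discard(port)

    def egress_ports(self, group: str) -> set:
        """Ports a data packet for `group` would be forwarded to."""
        return set(self.members.get(group, set()))
```

A group with no recorded members returns an empty set, which is the "forwarding is stopped" state the reply describes.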