Mysterious IGMP Query Request packets from 0.0.0.0 to 224.0.0.1

On my Debian KVM hosts, and on the firewalls that guard them, I noticed that every two minutes, plus a couple seconds or so each time, I’d see blocked IGMP packages from 0.0.0.0 to 224.0.0.1. Googling around, I found this post, explaining that it’s the multicast_snooping option for bridge-utils that’s causing it. Being KVM hosts, they are indeed configured with bridges.

I added the following line to my Bash startup scripts in /etc/rc.local, and the issue is now gone:

(
    shopt -s nullglob;
    for ms in /sys/devices/virtual/net/br*/bridge/multicast_snooping; do
        echo -n 0 >"$ms"
    done
)

In short, it runs a subshell, sets the nullglob option to prevent running on a file with an asterisk in the name if no bridges were found, then puts a 0 into all found multicast_snooping configuration files. Problem solved!

Note: If you use virtual interfaces, those are in /sys/devices/virtual/net/virbr and require the same treatment.

Leave a Reply

Your email address will not be published. Required fields are marked *