
Blocking multicast and inter-station broken?

FABRIC_2_EDGE
New Contributor

Hi,

I am trying to use the built in options in CloudIQ as well as the IP Firewall on user profiles to block multicast traffic like mDNS.

I have ticked "Enable Multicast Drop" and unticked "Except for the following protocols: mDNS". I have also unticked "Enable Inter-station Traffic".

I have also added the following Outbound IPFW rules with a Deny action:

Source: Any - Destination: Any - Service/Application mDNS (I have tried both the predefined Extreme mDNS application as well as my own manually defined service)

Source: Any - Destination: 224.0.0.0/4

Despite this I still see mDNS traffic originating from one client on the wireless to another. They are on the same Network Policy, same SSID, same HIVE, different APs. I am verifying by Wireshark capture that I still see mDNS between the two clients. When inspecting the traffic, I see the IPv4 headers of the mDNS traffic match what I have configured in the IPFW rules, yet the traffic still goes between clients.

I have logged this with GTAC and demonstrated the issue and they have been unable to provide an explanation.

Are the options to block mDNS and other multicast traffic and the manual IPFW rules for CloudIQ APs just completely broken? I see the same issue with inter-station traffic: the APs seem incapable of blocking client-to-client communication, even if I add the manual IPFW rule for inter-station deny.

Other firewall rules such as blocking RFC1918 address ranges work ok.

We are running AP4000 on 10.7.5.0. Any ideas?

Thanks.
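One way to turn the Wireshark verification described in the post into a repeatable check, as an added example that is not part of the original post and not Extreme's or CloudIQ's own tooling: export packet summaries from the capture with `tshark -T fields -e ip.src -e ip.dst -e ip.proto -e udp.dstport` (tab-separated, one packet per line) and classify each line against the three intended deny conditions (mDNS service on UDP/5353, destination in 224.0.0.0/4, and unicast between two stations on the client subnet). The client subnet 192.168.10.0/24 and the sample lines are constructed assumptions; anything the script reports as "leaked" is traffic that reached the capture point even though a deny rule should have matched it.

```python
"""Check a tshark field export for traffic the AP policy should have dropped.

Added example (not from the original post). Input lines are assumed to come from
  tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e ip.proto -e udp.dstport
which prints tab-separated fields; udp.dstport is empty for non-UDP packets.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable

MULTICAST_V4 = ipaddress.ip_network("224.0.0.0/4")      # poster's "Destination: 224.0.0.0/4" rule
CLIENT_SUBNET = ipaddress.ip_network("192.168.10.0/24")  # constructed assumption: the wireless client subnet
MDNS_PORT = 5353                                         # mDNS service: UDP/5353
IPPROTO_UDP = 17


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    dport: int  # 0 when the packet carries no UDP header


def parse_tshark_line(line: str) -> Packet:
    """Parse one tab-separated tshark -T fields line into a Packet."""
    src, dst, proto, dport = (line.rstrip("\n").split("\t") + [""] * 4)[:4]
    return Packet(
        src=ipaddress.ip_address(src),
        dst=ipaddress.ip_address(dst),
        proto=int(proto),
        dport=int(dport) if dport else 0,
    )


def is_mdns(pkt: Packet) -> bool:
    """Deny rule 1: Service/Application mDNS."""
    return pkt.proto == IPPROTO_UDP and pkt.dport == MDNS_PORT


def is_multicast(pkt: Packet) -> bool:
    """Deny rule 2: any destination inside 224.0.0.0/4."""
    return pkt.dst in MULTICAST_V4


def is_inter_station(pkt: Packet) -> bool:
    """Inter-station traffic: unicast between two hosts on the client subnet."""
    return pkt.src in CLIENT_SUBNET and pkt.dst in CLIENT_SUBNET and not pkt.dst.is_multicast


def matched_deny_rules(pkt: Packet) -> list[str]:
    """Names of the deny conditions this packet should have hit (empty = allowed)."""
    rules = []
    if is_mdns(pkt):
        rules.append("deny-mdns")
    if is_multicast(pkt):
        rules.append("deny-multicast")
    if is_inter_station(pkt):
        rules.append("deny-inter-station")
    return rules


def leaked(lines: Iterable[str]) -> list[tuple[Packet, list[str]]]:
    """Packets seen in the capture although at least one deny condition matched."""
    out = []
    for line in lines:
        if not line.strip():
            continue
        pkt = parse_tshark_line(line)
        rules = matched_deny_rules(pkt)
        if rules:
            out.append((pkt, rules))
    return out


def summarize(lines: Iterable[str]) -> dict[str, int]:
    """Count of leaked packets per deny condition."""
    counts: dict[str, int] = {}
    for _, rules in leaked(lines):
        for r in rules:
            counts[r] = counts.get(r, 0) + 1
    return counts


# Constructed sample export (not the poster's capture): client A is .21, client B is .22.
SAMPLE_LINES = [
    "192.168.10.21\t224.0.0.251\t17\t5353",        # mDNS query: mDNS + multicast rules
    "192.168.10.21\t239.255.255.250\t17\t1900",    # SSDP: multicast rule only
    "192.168.10.21\t192.168.10.22\t17\t5353",      # unicast mDNS reply: mDNS + inter-station
    "192.168.10.21\t192.168.10.22\t6\t",           # TCP client-to-client: inter-station only
    "192.168.10.21\t8.8.8.8\t17\t53",              # ordinary DNS: allowed
]

if __name__ == "__main__":
    for pkt, rules in leaked(SAMPLE_LINES):
        print(f"{pkt.src} -> {pkt.dst} proto={pkt.proto} dport={pkt.dport}: {', '.join(rules)}")
    print(summarize(SAMPLE_LINES))
```

Run it against a real export by replacing `SAMPLE_LINES` with the file's lines; an empty result means nothing the policy should drop was observed at that capture point, while a non-empty one pins down which of the three conditions is not being enforced.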
