How Do I Persistently Disable Multicast for an Interface?

I need to disable multicast mode for a network interface. I have used sudo ip link set dev ethX multicast off which, according to ifconfig, changes the flags from <UP,BROADCAST,RUNNING,MULTICAST> to <UP,BROADCAST,RUNNING>. However, according to iftop, this network interface continues to send and receive multicast traffic. Additionally, these changes do not persist after a restart, which would be inconvenient assuming that they had the desired effect. What is the proper way to prevent an interface from communicating in multicast mode, and how can I make these changes persist?

I think you are disabling multicast at the ethernet level.
But that does not change multicast at the IP level.

Some protocols need multicast to work.
Especially IPv6 features.

What is it about multicast that is causing you a problem?

  • Capture undesired traffic to identify ports.
  • Check open sockets to identify process names.
  • Tweak the app/service configs to stop outgoing traffic.
  • Tune the firewall config to block incoming traffic.
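The four steps above as one script, added here as an example and not taken from the thread. It assumes a Fedora box with tcpdump, ss, nft and firewall-cmd installed, an interface name of eth0 (an assumption, override with IFACE=…), and the standard groups and ports for mDNS, LLMNR and SSDP. The ss output embedded in it is a constructed sample so the socket-to-process mapping can be exercised without root.

```shell
#!/bin/sh
# Added example (not from the thread): triage LAN multicast chatter on one interface.
# Assumes Fedora with tcpdump, ss, nft and firewall-cmd; IFACE is an assumption.
IFACE="${IFACE:-eth0}"

# mDNS:  224.0.0.251 / ff02::fb     UDP 5353
# LLMNR: 224.0.0.252 / ff02::1:3    UDP 5355
# SSDP:  239.255.255.250            UDP 1900

# Step 1: BPF filter limited to multicast destinations on those ports, so unicast
# DNS on port 53 and ordinary traffic stay out of the capture.
multicast_bpf_filter() {
    printf '%s' 'udp and (port 5353 or port 5355 or port 1900) and (dst net 224.0.0.0/4 or dst net ff00::/8)'
}
capture_multicast() {
    # -n avoids reverse lookups (which would add traffic of their own); -e prints the
    # source MAC so each announcement can be tied to a LAN host. Needs root.
    tcpdump -n -e -i "$IFACE" "$(multicast_bpf_filter)"
}

# Step 2: map the discovery ports to the local process owning each socket.
# stdin: output of `ss -anup` (run as root, otherwise the Process column is empty);
# stdout: "port process" lines, with "-" when ss reported no owning process.
listeners_from_ss() {
    awk '
        {
            port = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /:(5353|5355|1900)$/) { port = $i; sub(/.*:/, "", port); break }
            if (port == "") next
            proc = "-"
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print port, proc
        }' | sort -u
}

# Constructed sample of `ss -anup` output so the parser can be run offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=812,fd=12))
UNCONN 0      0      [::]:5353          [::]:*            users:(("avahi-daemon",pid=812,fd=13))
UNCONN 0      0      0.0.0.0:5355       0.0.0.0:*         users:(("systemd-resolve",pid=700,fd=16))
UNCONN 0      0      127.0.0.54:53      0.0.0.0:*         users:(("systemd-resolve",pid=700,fd=14))
UNCONN 0      0      0.0.0.0:1900       0.0.0.0:*'
demo_listeners() { printf '%s\n' "$SAMPLE_SS" | listeners_from_ss; }
live_listeners() { ss -anup | listeners_from_ss; }

# Step 3: stop the senders at the source. Incoming packets are harmless when nothing
# listens; outgoing announcements only exist because a local process makes them.
silence_senders() {
    systemctl disable --now avahi-daemon.socket avahi-daemon.service 2>/dev/null || true
    # A drop-in under /etc overrides the vendor file in /usr/lib and survives package updates.
    mkdir -p /etc/systemd/resolved.conf.d
    printf '[Resolve]\nMulticastDNS=no\nLLMNR=no\n' > /etc/systemd/resolved.conf.d/10-no-discovery.conf
    systemctl restart systemd-resolved
}

# Step 4: firewall. Fedora's default zone opens the mdns service; close it, and add an
# nft table (independent of firewalld's own) dropping multicast-addressed discovery packets.
block_incoming() {
    firewall-cmd --permanent --remove-service=mdns && firewall-cmd --reload
    nft add table inet mcast_drop
    nft add chain inet mcast_drop input '{ type filter hook input priority 0; policy accept; }'
    nft add rule inet mcast_drop input 'meta pkttype multicast udp dport { 5353, 5355, 1900 } drop'
}
```

Run `demo_listeners` to see what the parser produces for the sample, and `live_listeners` as root for the real socket table; `capture_multicast`, `silence_senders` and `block_incoming` all need root and are only defined, not invoked, when the file is sourced.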

I have tried using both OpenSnitch and firewalld to block this incoming traffic, but to no avail. The interface still makes and receives dozens of annoying mDNS requests to and from every device on the network, even though I have removed mDNS from the interface with resolvectl and do not use mDNS. Any other ideas? I would like to just remove the interface’s access to multicast altogether rather than using brute force to block said traffic.

It’s expected that devices on your network will announce themselves to each other. You seem to have turned off your Fedora system announcing itself to others.

Why do you think this is a problem that other devices are announcing themselves? Is it things like network printers etc?

And disabled avahi as well, I suppose.

Yes, I do not want my system to announce itself; that is what I am trying to prevent. I don’t think there’s anything wrong with devices on a network intercommunicating, I just do not need to interact with anything over LAN, so it serves me no purpose to have this excess traffic cluttering things up.

I removed avahi a long time ago in pursuit of the same goal, but it did not help much.

If nothing is listening on the mDNS socket, the incoming mDNS packets are just dropped. You need an active avahi process or mDNS enabled in systemd-resolved to cause your system to announce itself via mDNS. You can check with tcpdump if your system creates any outgoing mDNS traffic.

tcpdump indicates there is incoming and outgoing multicast traffic to all systems on the network. I have uninstalled avahi and set MulticastDNS=no in /usr/lib/systemd/resolved.conf

It sounds like you missed LLMNR:
resolved.conf: Network Name Resolution configuration files | systemd-resolved File Formats | Man Pages | ManKier

If the issue persists, check the output:

sudo ss -anpAinet

I have a script that turns off the multicast on the network interface whenever that interface is up.
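A script of that shape, written here as an added example rather than the poster's own: a NetworkManager dispatcher hook that clears the interface's MULTICAST flag each time the interface comes up, which is what makes `ip link set … multicast off` survive reboots and reconnects. The file path, the interface names in MANAGED_IFACES and the log tag are assumptions.

```shell
#!/bin/sh
# Added example: /etc/NetworkManager/dispatcher.d/90-multicast-off (path is an assumption).
# NetworkManager calls it with $1 = interface and $2 = action and only runs it when the
# file is owned by root and not group/world writable (chown root:root; chmod 755).
# Interface names below are assumptions; an empty list means every interface except lo.
MANAGED_IFACES="${MANAGED_IFACES:-eth0 wlan0}"

# Return 0 when multicast should be cleared on this interface.
should_disable() {
    iface="$1"
    [ -n "$iface" ] || return 1
    [ "$iface" != "lo" ] || return 1          # loopback keeps its flags
    [ -n "$MANAGED_IFACES" ] || return 0
    for m in $MANAGED_IFACES; do
        [ "$m" = "$iface" ] && return 0
    done
    return 1
}

# Pure planning step: print the interface to act on for this event, or nothing.
# Only the "up" action is handled; pre-up runs before the link is configured and the
# flag would be reset again, and down/pre-down have nothing to change.
plan_event() {
    [ "$2" = "up" ] || return 0
    should_disable "$1" && printf '%s\n' "$1"
    return 0
}

# Side-effecting step, run by NetworkManager as root.
handle_event() {
    target=$(plan_event "$1" "$2")
    [ -n "$target" ] || return 0
    ip link set dev "$target" multicast off
    # Verify the change: MULTICAST must be absent from the <...> flag list.
    if ip -o link show dev "$target" | grep -q 'MULTICAST'; then
        logger -t multicast-off "failed to clear MULTICAST on $target"
        return 1
    fi
    logger -t multicast-off "cleared MULTICAST on $target"
}

# Dispatcher entry point; no-op when sourced or run without arguments.
if [ $# -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

On a systemd-networkd host the same thing is a one-line setting instead: `Multicast=no` in the `[Link]` section of the interface's .network file. Either way this only clears the IFF_MULTICAST flag; a local process that still opens a multicast socket is the thing to track down if outgoing announcements continue.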

From what I understand, even if you disable multicast on your interface you will still see any and all raw multicast packets on the network. All those multicast packets will hit your network interface, but they will just not get processed by the network card if multicast is off on it. You cannot cut out multicast packets from the raw data stream that hits the network card, the card gets everything that the network sends it.

I have had LLMNR disabled for a long time in the same configuration file for security reasons.

Even if that is true, it should not explain why my network interface is also sending outgoing traffic to the other devices on the network.

Yes, that’s suspicious. Are you sure? It’d be interesting to see output of your log and settings.