This question relates to a Debian server with KVM and a Windows guest running on it and UFW 0.36.1. The server has a local subnet 192.168.0.0/24 and KVM has its own subnet 192.168.122.0/24 through virbr0.
Unfortunately, UFW is quite verbose in filling log files. I would like to deny some broadcast traffic so that it does not flood my log files. I was able to deny broadcast traffic on the local network, but I cannot accomplish the same with traffic originating from the VMs. There is probably some conceptual mistake on my side.
In UFW, denied traffic does not trigger log entries. The log entry that I try to deny is:
[UFW BLOCK] IN=virbr0 OUT=virbr0 PHYSIN=vnet46 PHYSOUT=vnet43 MAC=33:33:00:00:00:0c:52:54:00:e6:ed:6f:86:dd
SRC=fe80:0000:0000:0000:3c22:7a20:fa15:b800 DST=ff02:0000:0000:0000:0000:0000:0000:000c
LEN=194 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=56462 DPT=1900 LEN=154
I confirmed with netstat -ano that the Windows VM sends traffic on fe80::3c22:7a20:fa15:b800 port 1900.
I have tried:
ufw deny from fe80::3c22:7a20:fa15:b800
ufw deny in on virbr0 from fe80::3c22:7a20:fa15:b800
ufw deny in on virbr0 from fe80::3c22:7a20:fa15:b800 to ff02::/8
ufw deny in on virbr0 from fe80::3c22:7a20:fa15:b800 to any port 1900 proto udp
All with no success. Btw, the Windows VM can access the Internet fine. IPV6=yes in /etc/default/ufw, and ufw status verbose has:
Default: deny (incoming), allow (outgoing), deny (routed)
What am I missing?
This old question may be related, but it still has no answer.
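Added example (not part of the question, and not UFW's own code): a Python helper that parses a netfilter LOG line like the one quoted above and reads off which chain produced it, since IN= and OUT= both set together with PHYSIN/PHYSOUT means the bridged frame was seen in FORWARD, where UFW's `route` rules apply rather than its `in`/`out` rules. The SAMPLE string is a copy of the entry quoted in the question; the KNOWN_GROUPS table and the `ufw_rule_family` label are my own additions.

```python
import ipaddress
import re

# Constructed copy of the [UFW BLOCK] entry quoted in the question (a single syslog line).
SAMPLE = ("[UFW BLOCK] IN=virbr0 OUT=virbr0 PHYSIN=vnet46 PHYSOUT=vnet43 "
          "MAC=33:33:00:00:00:0c:52:54:00:e6:ed:6f:86:dd "
          "SRC=fe80:0000:0000:0000:3c22:7a20:fa15:b800 DST=ff02:0000:0000:0000:0000:0000:0000:000c "
          "LEN=194 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=56462 DPT=1900 LEN=154")

# Well-known IPv6 link-local multicast groups that commonly show up in firewall logs (my table).
KNOWN_GROUPS = {
    "ff02::1": "all-nodes", "ff02::2": "all-routers", "ff02::c": "SSDP/UPnP",
    "ff02::fb": "mDNS", "ff02::1:2": "DHCPv6 relay/servers",
}

def parse_ufw_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict.
    The second LEN= (UDP header length) would overwrite the IPv6 LEN=, so it is kept as LEN2."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        if key in fields:
            key = key + "2"
        fields[key] = value
    return fields

def classify(fields):
    """Work out which chain and what kind of traffic produced the entry."""
    # netfilter fills IN= for INPUT, OUT= for OUTPUT and both for FORWARD;
    # PHYSIN/PHYSOUT appear only when br_netfilter handed a bridged frame to ip6tables.
    if fields.get("IN") and fields.get("OUT"):
        chain = "FORWARD"
    elif fields.get("IN"):
        chain = "INPUT"
    else:
        chain = "OUTPUT"
    dst = ipaddress.ip_address(fields["DST"])
    src = ipaddress.ip_address(fields["SRC"])
    return {
        "chain": chain,
        "bridged": "PHYSIN" in fields or "PHYSOUT" in fields,
        "multicast": dst.is_multicast,
        "group": KNOWN_GROUPS.get(dst.compressed, "unknown"),
        "link_local_src": src.is_link_local,
        # UFW manages FORWARD with "ufw route ..." rules, INPUT/OUTPUT with "ufw ... in/out".
        "ufw_rule_family": "route" if chain == "FORWARD" else "in/out",
    }

if __name__ == "__main__":
    print(classify(parse_ufw_line(SAMPLE)))
```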