One problem with how Vuurmuur currently works is that there is no "allow multicast" setting for a zone, which nukes services such as Avahi. This could be solved by adding some code to Vuurmuur, and I'm sure that will be done eventually, but in the meantime there is an intermediate solution: adding a multicast zone to the local/LAN interface.

Multicast works by sending messages to a specific range of pre-defined IP addresses, which is why using a network to group multicast is relatively logical; you can't model this as a host or a service in Vuurmuur terminology.

Open vuurmuur_conf and go to Zones > Local (or whatever your local zone is called). There you should see at least one zone named LAN, or something similar, symbolising your internal network.

Here, hit INS/insert/i to create a new network and name it multicast.

The network should be configured with at least the following options:

  • Active: Yes
  • Network:
  • Netmask:

After you've created this network, go back to the Main Menu, select Rules, and add a rule like so:

  • Accept
  • Service: any
  • From firewall
  • To: multicast.lan

This now allows your Vuurmuur box to actually use multicast to advertise services it is running, or to support zeroconf clients through Avahi/Bonjour.

