Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Where are the inbound rules for routeable IPv6 on LAN interfaces? Solved

    Scheduled Pinned Locked Moved IPv6
    4 Posts 3 Posters 396 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      chrcoluk
      last edited by chrcoluk

      So I noticed I have fully working inbound ICMP which is fine, but I wanted to start logging it to track a source IP for a monitoring service I am using and then noticed there is no specific rules setup to allow the traffic, is this being allowed via one of the hidden default rules?

      There is a WAN rule, but thats not processing the traffic.

      pfSense CE 2.8.0

      C GertjanG 2 Replies Last reply Reply Quote 0
      • C Offline
        chrcoluk @chrcoluk
        last edited by

        Already solved, it is the WAN rule, logging didnt show it as its using an established state.

        pfSense CE 2.8.0

        Bob.DigB 1 Reply Last reply Reply Quote 0
        • Bob.DigB Offline
          Bob.Dig LAYER 8 @chrcoluk
          last edited by

          @chrcoluk Solved

          1 Reply Last reply Reply Quote 0
          • GertjanG Offline
            Gertjan @chrcoluk
            last edited by

            @chrcoluk said in Where are the inbound rules for routeable IPv6 on LAN interfaces? Solved:

            I have fully working inbound ICMP which is fine

            Inbound on .. LAN or WAN ?
            The default behavior of LAN : TCP, UDP, ICMP, and dozens of other protocols are allowed.
            WAN : nothing, meaning zero, which wasn't initiated from pfSense itself (or some LAN device), can enter.

            @chrcoluk said in Where are the inbound rules for routeable IPv6 on LAN interfaces? Solved:

            it is the WAN rule, logging didnt show it as its using an established state.

            What WAN rule ?
            If traffic comes in on WAN and it is established traffic, then initially, it was granted by an existing WAN firewall rule, one you place there yourself. Subsequent traffic, from the same traffic stream, will be granted right away.

            If you want WAN to reply on ICMPv4 from some device on the Internet, you need to create firewall rule on WAN that grants access from this device (this device, using its source IP, or "any" for everybody) selecting some or all ICMPv4 types of traffic.

            By default, pfSense will not reply on ICMP request coming into (= inbound into WAN) the WAN.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.