Firewall logs are getting spammed
-
I recently went to check my firewall logs in Status->System Logs->Firewall and noticed that, even when I have 1000 max entries set, I'm only seeing about 30.
I did some investigation and did a "clog /var/log/filter.log" and discovered that my logs are being flooded with ICMPv6 blocks for fe80 on my network every two seconds. Absolutely terrible.
I'm currently blocking ipv6 traffic on my network by unchecking "Allow IPv6 Traffic" in System->Advanced->Networking.
My guess is this – Setting that feature is creating a pfsense firewall rule that doesn't show up in the firewall rules in the webgui. That invisible rule is also getting logged on disk but getting discarded in the webgui. Because there are so many of these blocks in the circular log, they are flushing out all the other legitimate blocks that I told pfsense to log.
Is my theory correct? Why am I not seeing the ICMPv6 blocks on the webGUI when i see them in filter.log?
-
Why am I not seeing the ICMPv6 blocks on the webGUI when i see them in filter.log?
Been a problem for a long time and just recently reported and fixed.
https://redmine.pfsense.org/issues/5933The fix has been merged in pfsense:master and also in pfsense:RELENG_2_2.
So the fix is already in 2.3 beta, and if there is another 2.2.x release it should be included.master: https://github.com/pfsense/pfsense/pull/2690
RELENG_2_2: https://github.com/pfsense/pfsense/pull/2691