Relating Error Message back to the GUI
-
Thanks…. that makes sense... got it figured out.
What does the number (1483693418) refer to?
Is it useful for troubleshooting? -
What does the number (1483693418) refer to?
Is it useful for troubleshooting?That's a unique tracker ID. Each rule has one, look at pfctl -vvsr output.
-
I would think that is a Unix time stamp, so yeah it`s unique ;)
1483693418 = Fri, 06 Jan 2017 09:03:38 GMT -
I would think that is a Unix time stamp, so yeah it`s unique ;)
1483693418 = Fri, 06 Jan 2017 09:03:38 GMTThis assuming you can't create two rules within one second :P Hopefully the rule creation system is aware of this…
-
Thanks very much everyone for the replies…. and special thank to doktornotor for look at pfctl -vvsr output.
That really helps a lot, I can clearly see what is going on.
I have IPv6 turned off, but this rule:
@5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
[ Evaluations: 58461 Packets: 4893 Bytes: 1025925 States: 0 ]is filling my log up with hundreds of lines of:
Jan 17 17:36:49 WAN Block all IPv6 (1000000003) [fe80::2fc:8dff:fe24:8b32] [ff02::1] ICMPv6and it's above all the rules created by the GUI. Is there any way for me to get rid of these things?
-
Is there any way for me to get rid of these things?
Add or edit your IPv6 block rule and set it to not log.
-
@KOM:
Is there any way for me to get rid of these things?
Add or edit your IPv6 block rule and set it to not log.
Where would I edit this rule? It is auto generated by the firewall, and @5(1000000003) it is way up the chain above the user generated rules.
At least using pfctl -vvsr lets me see what is REALLY going on. I love the GUI, but sometimes there is nothing better than a good old fashioned terminal - as long as you know what to do with it (which can be a huge challenge).
-
Add your OWN rule there to block any IPv6 WITHOUT logging. ZOMG.
-
This question morphed, so as not to have two threads on the same topic…. I've answered here.
https://forum.pfsense.org/index.php?topic=124074.msg685263#msg685263
The key message of this thread for anyone is:
Use the shell and look at pfctl -vvsr output.
-
Yeah, the key answer to this thread is - add your own rule to block IPv6 as already told zillion times. Done. Move on. Nothing else. 1 minute. Done.