Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Log filling with blocked ipv6 traffic

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    8 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      Paul47
      last edited by

      I just upgraded from 2.1 to 2.1.3 on the embedded system, using the automatic upgrade. Now my log is filling with this stuff:

       block
      	May 3 06:36:24 	lo0 	Block all IPv6 (@3)		Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List [fe80::222:4dff:fe84:b7ec] 	Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic [ff02::1] 	ICMPv6
      block
      	May 3 06:36:24 	Direction=OUT LAN 	Block all IPv6 (@4)		Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List [fe80::222:4dff:fe84:b7ec] 	Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic [ff02::1] 	ICMPv6
      
      

      The above pair is repeated over and over.

      I have System:Advanced:Networking:AllowIPV6 unchecked.

      I'm not sure what is going on here, what is generating this traffic. My network is some old XP machines. I did find this discussion that may have something to do with it:
      https://forum.pfsense.org/index.php?topic=64588.msg350069#msg350069
      However I don't see any of the suggestions there implemented in 2.1.3.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        ….got something related lately after an update and found that for one of the interfaces the "IP Configuration Type" had changed from "None" to "Track Interface", don't know how...

        Last night one WAN interface changed (!) its MAC to a value it had for some weeks in April (I change the MAC manually from time to time to get a new IP), don't know how... :o

        1 Reply Last reply Reply Quote 0
        • P Offline
          Paul47
          last edited by

          My ipv4 and ipv6 configuration type has not changed for either interface. For ipv6 it is still "none".

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            Hmmm, then look arround for any other (new) device in your network that might cause IPv6 multicast in the link-local address range (fe80….). :)

            1 Reply Last reply Reply Quote 0
            • P Offline
              Paul47
              last edited by

              Not sure about the cable modem on the WAN, but I don't think it is a WAN issue anyway. Of the rest on the LAN, both XP machines say they have no ipv6 stack ("ipv6 if" command), and when I pull my linux box, that I am using to access pfsense, off the net, I still get these logs. So I am inclined to think the traffic is generated within pfsense itself. Anyway one of the two log entries is from interface lo0…

              1 Reply Last reply Reply Quote 0
              • P Offline
                Paul47
                last edited by

                The MAC address in the log is that of the em1 device, the pfsense LAN interface. So yeah, it is pfsense that is generating these log entries. The hardware is an Intel 2500CC board, by the way.

                1 Reply Last reply Reply Quote 0
                • ? This user is from outside of this forum
                  Guest
                  last edited by

                  Got the same traffic blocked by "Block all IPv6 traffic" rule, from OPT1 to ovpns1….

                  1 Reply Last reply Reply Quote 0
                  • P Offline
                    Paul47
                    last edited by

                    Not sure what you are suggesting here. My problem is not with blocking it, but with logging it, since it kinda makes my log useless when it is filled with stuff I don't care about. I suppose I could put a specific rule in to block it without logging; but one wonders why the traffic is being generated in the first place, after a minor release. Why do we need to change our rule sets after a minor release?

                    Maybe that's just normal, and I incorrectly assumed otherwise.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.