Log filling with blocked ipv6 traffic
-
I just upgraded from 2.1 to 2.1.3 on the embedded system, using the automatic upgrade. Now my log is filling with this stuff:
block May 3 06:36:24 lo0 Block all IPv6 (@3) Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List [fe80::222:4dff:fe84:b7ec] Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic [ff02::1] ICMPv6 block May 3 06:36:24 Direction=OUT LAN Block all IPv6 (@4) Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List [fe80::222:4dff:fe84:b7ec] Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic [ff02::1] ICMPv6The above pair is repeated over and over.
I have System:Advanced:Networking:AllowIPV6 unchecked.
I'm not sure what is going on here, what is generating this traffic. My network is some old XP machines. I did find this discussion that may have something to do with it:
https://forum.pfsense.org/index.php?topic=64588.msg350069#msg350069
However I don't see any of the suggestions there implemented in 2.1.3.Any ideas?
-
….got something related lately after an update and found that for one of the interfaces the "IP Configuration Type" had changed from "None" to "Track Interface", don't know how...
Last night one WAN interface changed (!) its MAC to a value it had for some weeks in April (I change the MAC manually from time to time to get a new IP), don't know how... :o
-
My ipv4 and ipv6 configuration type has not changed for either interface. For ipv6 it is still "none".
-
Hmmm, then look arround for any other (new) device in your network that might cause IPv6 multicast in the link-local address range (fe80….). :)
-
Not sure about the cable modem on the WAN, but I don't think it is a WAN issue anyway. Of the rest on the LAN, both XP machines say they have no ipv6 stack ("ipv6 if" command), and when I pull my linux box, that I am using to access pfsense, off the net, I still get these logs. So I am inclined to think the traffic is generated within pfsense itself. Anyway one of the two log entries is from interface lo0…
-
The MAC address in the log is that of the em1 device, the pfsense LAN interface. So yeah, it is pfsense that is generating these log entries. The hardware is an Intel 2500CC board, by the way.
-
Got the same traffic blocked by "Block all IPv6 traffic" rule, from OPT1 to ovpns1….
-
Not sure what you are suggesting here. My problem is not with blocking it, but with logging it, since it kinda makes my log useless when it is filled with stuff I don't care about. I suppose I could put a specific rule in to block it without logging; but one wonders why the traffic is being generated in the first place, after a minor release. Why do we need to change our rule sets after a minor release?
Maybe that's just normal, and I incorrectly assumed otherwise.