IPv6 bogon pings



  • I see the following firewall alert appear about every second since I got IPv6 set up on my pfSense. It seems to be triggered by the bogon network rule (since the source is a local net address).

    May 21 10:04:42	wan_stf	  [fe80::cdab:240]	  [2602:xxxx:xxxx:xxxx::]	ICMPv6
    

    My setup is pretty simple: LAN and WAN interfaces only. WAN uses PPPoE with a VLAN to work with CenturyLink silliness. I'm guessing the CenturyLink hardware is pinging me, but I can't figure out how to stop the rule from triggering, as the bogon network rule is always higher up in the list of rules.

    Anyone have any tips on how to stop my firewall logs being flooded by blocked pings?



  • I had a similar problem with IPv4 bogon rules and having a "valid" broadcast coming from my ISP (I'll argue "valid" with my ISP at a later date…).

    Here's what I did to stop the flood of logs for this harmless and, more importantly, known IGMP from my ISP for IPv4. In my case the source IP was 10.54.112.1. I'm sure it should work for IPv6:

    • Created an alias to represent private space called 'private_ipv4_space' and added the 10/8, 172.16/12, and 192/24 IP addresses that are bogon networks for IPv4

    • Created an allow rule on the WAN to allow the 10.54.12.1 which was being treated as a bogon. I made sure to set the destination IP being sent by the ISP, just to make sure that if it changed, I'd know. I put this as high as I could in the overall WAN list.

    • Created a block rule underneath the previous allow rule to block any source that was in the 'private_ipv4_space' alias (aka IPv4 bogon)

    • Disabled the bogon check; this gets rid of that "top of list" firewall rule that is being hit that you can't edit

    Hope this helps!
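
The rule order described in the reply above, modelled as an added example (not code from the thread or from pfSense) to show which rule each packet hits and whether it is logged. It uses the source address 10.54.112.1 quoted in the post. The alias contents (the three RFC 1918 ranges), the IGMP protocol restriction on the allow rule, the logging flags and the sample packets are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed alias contents: the three RFC 1918 ranges (constructed for this example).
PRIVATE_IPV4_SPACE = [ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ISP_SOURCE = ipaddress.ip_network("10.54.112.1/32")  # source address quoted in the post

@dataclass
class Rule:
    name: str
    action: str        # "pass" or "block"
    sources: list      # networks the packet's source address must fall in
    proto: str = "any"
    log: bool = False

def evaluate(rules, src, proto):
    """Top-down, first match wins; anything unmatched hits the logged default deny."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if rule.proto in ("any", proto) and any(addr in net for net in rule.sources):
            return rule.name, rule.action, rule.log
    return "default deny", "block", True

# Assumption: the allow rule is narrowed to IGMP and not logged; the block rule is logged.
ALLOW_ISP = Rule("allow ISP IGMP", "pass", [ISP_SOURCE], proto="igmp")
BLOCK_PRIVATE = Rule("block private_ipv4_space", "block", PRIVATE_IPV4_SPACE, log=True)

ORDER_FROM_POST = [ALLOW_ISP, BLOCK_PRIVATE]  # allow rule placed above the block rule
ORDER_REVERSED = [BLOCK_PRIVATE, ALLOW_ISP]   # same rules with the order swapped

# Constructed sample packets: (source address, protocol)
SAMPLES = [("10.54.112.1", "igmp"), ("10.54.112.1", "tcp"),
           ("192.168.1.50", "udp"), ("203.0.113.9", "tcp")]

def report(rules):
    """Map each sample packet to (matching rule, action, logged)."""
    return {pkt: evaluate(rules, *pkt) for pkt in SAMPLES}

if __name__ == "__main__":
    for label, rules in (("order from post", ORDER_FROM_POST),
                         ("reversed order", ORDER_REVERSED)):
        print(label)
        for pkt, verdict in report(rules).items():
            print("  ", pkt, "->", verdict)
```

With the order swapped, the ISP's IGMP packet matches the block rule first and the log entries return, which is why the allow rule has to sit above the alias block rule.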