Netgate Discussion Forum

    IPv6 no firewall log entries

      pablot

      Hi, I've been using my "HE tunnel IPv6" enabled network for some days and everything seems to be working fine, but I'm a bit worried because I have not seen any blocked traffic on the HE interface.

      My two wans and my lan are appearing as usual in the firewall logs with blocked entries, but no tunnel interface appears with blocked traffic.

      Perhaps this is fine, but I'm not sure if this is normal.

      Thanks,
      Pablo

        johnpoz LAYER 8 Global Moderator

        What are your rules on your tunnel?  What sort of traffic do you think you should see?  Are you logging the default block rule?  There is not nearly as much noise on ipv6.. The IP space is so freaking HUGE!!!  But if you want to check.. use one of the canyouseeme sort of sites for ipv6 and send something to your ipv6 addresses..

        So for example just did a port check for a port I have closed to one of my ipv6 hosts that I have in the ipv6 ntppool and gets traffic all the time.. You can see it's logged in pfsense firewall.

        But again - ipv6 is HUGE!!! You're prob not going to see anywhere close to the noise you see on ipv4.. for example those 22 and 23 ports you see in my screenshot to my normal ipv4 wan.

        Here are 2 ipv6 online scanners you can use
        http://www.ipv6scanner.com/cgi-bin/main.py
        http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php

        Normally I would not log that UDP noise - but I had recently turned back on the default logging rule to check something, and had not turned it back off.  That is why you see the blocks in the log from clean (my rule) that only logs tcp syn, and then that udp block to my wan.. Normally I do not log that noise and only log tcp syn traffic.

        ipv6scan.png
        firewallrulesHEtunnel.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
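
The check described in the post above can also be run against raw firewall log lines instead of the GUI. This is an added example, not part of the thread: it counts inbound block entries per interface and IP version and tests whether a specific probe was logged. The field positions assume pfSense's raw filterlog CSV layout; the interface names (`igb0`, `gif0`), addresses, tracker IDs and log lines are constructed.

```python
from collections import Counter

# Field positions in a pfSense raw filterlog record. The layout is an
# assumption based on Netgate's raw filter log format, not on this thread.
IFACE, ACTION, DIRECTION, IPVER = 4, 6, 7, 8
LAYOUT = {  # ip-version -> (protocol text, destination address, destination port)
    "4": (16, 19, 21),
    "6": (12, 16, 18),
}

def parse(line):
    """Return a dict for one filterlog line, or None if it is not one."""
    f = line.strip().rpartition(": ")[2].split(",")  # drop any syslog prefix
    if len(f) <= IPVER or f[IPVER] not in LAYOUT:
        return None
    proto_i, dst_i, dport_i = LAYOUT[f[IPVER]]
    if len(f) <= dst_i:
        return None
    proto = f[proto_i].lower()
    # Only TCP and UDP records carry ports; ICMPv6 and others do not.
    has_port = proto in ("tcp", "udp") and len(f) > dport_i and f[dport_i].isdigit()
    return {"iface": f[IFACE], "action": f[ACTION], "dir": f[DIRECTION],
            "ipver": f[IPVER], "proto": proto, "dst": f[dst_i],
            "dport": int(f[dport_i]) if has_port else None}

def blocked_by_interface(lines):
    """Count inbound block entries per (interface, IP version)."""
    recs = filter(None, map(parse, lines))
    return Counter((r["iface"], r["ipver"]) for r in recs
                   if r["action"] == "block" and r["dir"] == "in")

def probe_logged(lines, iface, dst, dport):
    """True if a blocked inbound probe to dst:dport was logged on iface."""
    return any(r and r["action"] == "block" and r["dir"] == "in"
               and (r["iface"], r["dst"], r["dport"]) == (iface, dst, dport)
               for r in map(parse, lines))

# Constructed sample lines: igb0 stands in for an IPv4 WAN, gif0 for the tunnel.
SAMPLE = [
    "Jan  1 00:00:01 fw filterlog[100]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4500,0,DF,6,tcp,60,198.51.100.7,203.0.113.5,51234,22,0,S,1,,64240,,mss",
    "Jan  1 00:00:02 fw filterlog[100]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4501,0,DF,6,tcp,60,198.51.100.8,203.0.113.5,40022,23,0,S,1,,64240,,mss",
    "Jan  1 00:00:03 fw filterlog[100]: 7,,,1000000105,gif0,match,block,in,6,0x00,0x00000,57,tcp,6,40,2001:db8:1::10,2001:db8:2::20,40000,8080,0,S,1,,65535,,mss",
    "Jan  1 00:00:04 fw filterlog[100]: 7,,,1000000105,gif0,match,block,in,6,0x00,0x00000,57,udp,17,48,2001:db8:1::10,2001:db8:2::20,123,123,8",
    "Jan  1 00:00:05 fw filterlog[100]: 80,,,1700000001,gif0,match,pass,in,6,0x00,0x00000,57,tcp,6,40,2001:db8:1::10,2001:db8:2::20,40001,443,0,S,1,,65535,,mss",
    "Jan  1 00:00:09 fw sshd[200]: Accepted publickey for admin",
]
```

A tunnel interface that never appears in the `blocked_by_interface` result while a test probe was sent points at block logging being off for the matching rule rather than at an absence of traffic.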

          pablot

          Thanks, you were right. I've done a port scan, everything is filtered and the firewall logs showed me all the attempts.

          I guess it was a combination of the HUGE address space and less noise on IPv6.

          I do not have rules for my tunnel, just the default. Which is everything filtered if I'm not wrong.

          Thanks!!!

          ![Sin título.png](/public/imported_attachments/1/Sin título.png)

            johnpoz LAYER 8 Global Moderator

            yeah from those default rules then all unsolicited inbound would be blocked..

            With such a huge space.. it's almost impossible to just do scans of the space.. Unlike ipv4 where you can scan for open ssh servers.. In 1 /64 you're talking 18,446,744,073,709,551,616 IPs you would need to scan ;)

            All of ipv4 space - all of it is total possible only 4,294,967,296 in comparison ;)
