IPv6 not allowed, but how to stop flooding firewall log?



  • I've disabled IPv6 in pfSense (version 2.3.4-RELEASE-p1) by unchecking "Allow IPv6" in System->Advanced->Networking.

    However, now IPv6 packets coming from the ISP are flooding the firewall log (see attachment). The packets are ICMP multicasts and I'd prefer not to log those.

    I've tried adding my own rule to stop these packets from being logged, but they continue to match the default rule:

    @5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
    

    It seems as if the "Block all IPv6" rule must have higher priority than my own. Is that the case? Because it seems like we ought to be able to turn off IPv6 globally and still have choices about which IPv6 packets get logged.
    ![IPv6 ICMP.png](/public/imported_attachments/1/IPv6 ICMP.png)


  • Galactic Empire

    You could untick the default logging:

    Status -> System Logs -> Settings

    Log packets matched from the default block rules in the ruleset



  • @NogBadTheBad:

    > You could untick the default logging:
    >
    > Status -> System Logs -> Settings
    >
    > Log packets matched from the default block rules in the ruleset

    Yes that would stop the unwanted IPv6 packets from getting logged, but then I would lose the default IPv4 logging as well.



  • Why do you want to watch hundreds of log entries of useless noise? You'd be much better off logging only what you really want to log; the default deny rules catch all kinds of junk, like improperly torn down TCP connections, that in almost all cases can be ignored.



  • If you disable the DHCP6 server and disable DHCP6 on the WAN/LAN interfaces, it stops the flood. In pfSense 2.4.

