Pass List adds unwanted IPv6 addresses
-
I set up an alias for the IPs I want to use with the pass list in Suricata (Legacy).
Then I set the HOME_NET to that pass list value in the WAN interface.
When I 'View List', many IPv6 addresses were added to the HOME_NET that I did not ask for and do not want in there.
How can I remove these? And please don't say, just ignore them. I am trying to tune the interface and these are unnecessary entries. I do not use IPv6 on any interface. All interfaces have IPv6 set to None.
Please advise.
-
You can't remove them, so since you said
And please don't say, just ignore them
there is nothing for us to help you with.
OK, the reply above was a bit "tongue-in-cheek" since your post seems to have a bit of an attitude (maybe unintended). Here is the scoop. Suricata and Snort automatically ask pfSense for all the locally assigned interface addresses. The IPv6 ones you see are really assigned to the interface, but they are automatic. If they begin with FE80:, then they are link-local addresses. Click STATUS and INTERFACES from the pfSense menu and I bet you will see them listed for the interface. They truly cause no harm being in the Pass List. Suricata does not generate them; it simply asks pfSense (and by extension, the FreeBSD kernel) for all the IP addresses assigned to the local interfaces.
Bill
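The following is an added example, not code from the thread or from the pfSense/Suricata package, showing how an operator can verify Bill's explanation: split a "View List" into entries that came from the alias, auto-added IPv6 link-local addresses (fe80::/10), and other auto-added addresses, then cross-check the auto-added ones against the interface addresses the kernel reports. The alias, the list contents, and the ifconfig text are constructed sample data; the ifconfig parsing assumes the FreeBSD `inet` / `inet6` line layout and strips the `%scope` suffix.

```python
"""Classify a Suricata pass list / HOME_NET view against the user's alias and
the addresses assigned to local interfaces (added example, constructed data)."""
import ipaddress

# Constructed sample: what the operator put in the pfSense alias.
ALIAS_ENTRIES = ["192.0.2.0/24", "198.51.100.10"]

# Constructed sample: what "View List" shows after Suricata merges the alias
# with every address assigned to the local interfaces.
VIEW_LIST = [
    "192.0.2.0/24",
    "198.51.100.10",
    "203.0.113.5",               # WAN interface address, auto-added
    "fe80::1",                   # IPv6 link-local, auto-added
    "fe80::a8bb:ccff:fedd:eeff", # IPv6 link-local, auto-added
    "::1",                       # loopback, auto-added
    "127.0.0.1",                 # loopback, auto-added
]

# Constructed sample in the layout FreeBSD `ifconfig` prints (assumed format).
IFCONFIG_SAMPLE = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.5 netmask 0xffffff00 broadcast 203.0.113.255
        inet6 fe80::1%em1 prefixlen 64 scopeid 0x1
        inet6 fe80::a8bb:ccff:fedd:eeff%em1 prefixlen 64 scopeid 0x1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
"""


def parse(entry):
    """Accept a bare address or a CIDR block; a bare address becomes a /32 or /128."""
    return ipaddress.ip_network(entry, strict=False)


def classify_passlist(alias_entries, view_list):
    """Bucket each view-list entry by where it came from."""
    alias = {parse(e) for e in alias_entries}
    result = {"from_alias": [], "auto_link_local": [], "auto_other": []}
    for entry in view_list:
        net = parse(entry)
        if net in alias:
            result["from_alias"].append(entry)
        elif net.version == 6 and net.is_link_local:
            result["auto_link_local"].append(entry)
        else:
            result["auto_other"].append(entry)
    return result


def interface_addresses(ifconfig_text):
    """Collect inet/inet6 addresses from ifconfig output, dropping %scope ids."""
    addrs = set()
    for line in ifconfig_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("inet", "inet6"):
            addrs.add(parts[1].split("%")[0])
    return addrs


def unexplained_entries(view_list, alias_entries, ifconfig_text):
    """Entries that are in neither the alias nor the interface addresses.
    An empty result confirms every extra entry is a real interface address."""
    alias = {parse(e) for e in alias_entries}
    iface = {parse(a) for a in interface_addresses(ifconfig_text)}
    return [e for e in view_list if parse(e) not in alias and parse(e) not in iface]


if __name__ == "__main__":
    buckets = classify_passlist(ALIAS_ENTRIES, VIEW_LIST)
    for name, entries in buckets.items():
        print(f"{name}: {entries}")
    print("unexplained:", unexplained_entries(VIEW_LIST, ALIAS_ENTRIES, IFCONFIG_SAMPLE))
```

On a real box the ifconfig text would come from `ifconfig` on the pfSense shell; an empty "unexplained" list means every entry that was not in the alias is an address the kernel actually holds on an interface, which is what Bill describes.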
-
Sorry, my intent was not adversarial, which is why I hate emails.
Yes, I do see IPv6 Link Local addresses displayed. And you gave a good answer, which is I have no control over it. Maybe extra overhead for netmap, which is what I was trying to avoid.
Thanks
-
No problem. Emails (or forum posts) can often be misconstrued because we don't have visual or auditory clues from getting and hearing the information first hand.
There is no overhead for Netmap in regards to those addresses. However, also realize that a Pass List has no function when using Inline IPS Mode. And if you are not using Inline IPS Mode, then Netmap is not even turned on. So those two are not connected. If you have not reviewed this Sticky Post, you will want to check it out as it explains some key differences in the two modes: https://forum.pfsense.org/index.php?topic=135331.0
Bill
-
The passlist alias would be used to set the HOME_NET even with Inline, correct?
-
Yes, but the list name would need to be selected in the HOME_NET drop-down selector on the INTERFACE SETTINGS tab. I was talking specifically about the Pass List drop-down, but that control should be hidden when Inline IPS Mode is selected.
Bill
-
Right, that's what I thought. If you use the pass list to create a 'sub-alias', that gets used in the Suricata Interface Inspect and Protect drop-downs for Legacy and Inline.