Netgate Discussion Forum

    Trying to Learn what my log is saying

      W0GEN

      I am new to Netgate, and trying to learn more on how to best configure my pfSense router.
      What is it when I have denies on my LAN, and they are not IP addresses?
      Aug 20 20:31:19 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe13:77d4]:33819 [ff02::1]:10002 UDP
      Aug 20 20:31:11 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe15:38a3]:43626 [ff02::1]:10002 UDP

        Gertjan

        Hi,

        On the log settings (Status > System Logs > Settings) this option is checked (activated):

        ca1c67ed-8601-49be-bfed-7a932a07c6b1-image.png

        Every interface has a hidden, final (last) firewall rule: it blocks everything.
        Your own rules, if any, are visible in the GUI and are above this rule, as you created them.

        This :

        @W0GEN said in Trying to Learn what my log is saying:

        LAN Default deny rule IPv6

        is the default IPv6 block rule on the LAN interface in action: some IPv6 - a device using the auto-assigned IPv6 fe80::7683:c2ff:fe15:38a3 wants to communicate with the router - pfSense, and you do not have any rules on your LAN interface that let this IPv6 UDP traffic pass.

        Understand that even if you think you are not using IPv6, all modern OSes have used it for years to communicate among all devices on the same network segment - your LAN in this case.

        To stop the "noise", stop the default deny rule from logging == uncheck the option.
        Or make your IPv6 actually work, as it is there to replace IPv4 eventually.

        To see more about "who and what": check the file /tmp/rules.debug and look for the ID 1000000105.

        You will find this :

        ....
        #---------------------------------------------------------------------------
        # default deny rules
        #---------------------------------------------------------------------------
        block in  inet all tracker 1000000103 label "Default deny rule IPv4"
        block out  inet all tracker 1000000104 label "Default deny rule IPv4"
        block in  inet6 all tracker 1000000105 label "Default deny rule IPv6"
        block out  inet6 all tracker 1000000106 label "Default deny rule IPv6"
        .....
        

        The third block rule is your rule in action.
        inet6 = IPv6.
        And the label is the text identifier you saw: "Default deny rule IPv6"

        This file is the actual rule set loaded into the firewall.
        You control some parts with the GUI firewall rules Firewall > Rules > ........ (and NAT rules, etc)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
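
        The lookup described in the answer above, as an added example that is not part of the original posts: it parses firewall log lines in the layout quoted in the question, resolves the tracker ID against rule-set text in the layout of the /tmp/rules.debug excerpt, and names the scope of each address. The function names and the regular expressions are assumptions made for this illustration; the sample data is copied from the thread.

```python
import ipaddress
import re

# Sample input embedded so this runs offline: the two log lines from the
# question and the rules.debug excerpt quoted in the answer.
LOG_LINES = """\
Aug 20 20:31:19 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe13:77d4]:33819 [ff02::1]:10002 UDP
Aug 20 20:31:11 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe15:38a3]:43626 [ff02::1]:10002 UDP
""".splitlines()
RULES_DEBUG = """\
block in  inet all tracker 1000000103 label "Default deny rule IPv4"
block out  inet all tracker 1000000104 label "Default deny rule IPv4"
block in  inet6 all tracker 1000000105 label "Default deny rule IPv6"
block out  inet6 all tracker 1000000106 label "Default deny rule IPv6"
"""
# Assumed layout: time, interface, label, (tracker), [src]:port, [dst]:port, proto
LOG_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ [\d:]+) (?P<iface>\S+) (?P<label>.+?) "
    r"\((?P<tracker>\d+)\) \[(?P<src>[^\]]+)\]:(?P<sport>\d+) "
    r"\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) (?P<proto>\S+)$")
RULE_RE = re.compile(r"^(?P<rule>.*\btracker (?P<tracker>\d+)\b.*)$", re.M)

def load_trackers(rules_text):
    """Map tracker ID -> whitespace-normalised rule line."""
    return {m["tracker"]: " ".join(m["rule"].split())
            for m in RULE_RE.finditer(rules_text)}

def scope(addr):
    """Name the address scope so on-link chatter is easy to recognise."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    return "link-local" if ip.is_link_local else "global/other"

def explain(line, trackers):
    """Parse one bracketed-IPv6 log line and attach the rule that logged it."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None  # other layouts (e.g. IPv4 lines) are out of scope here
    d = m.groupdict()
    d["rule"] = trackers.get(d["tracker"], "tracker not found in rule set")
    d["src_scope"], d["dst_scope"] = scope(d["src"]), scope(d["dst"])
    return d

if __name__ == "__main__":
    rules = load_trackers(RULES_DEBUG)
    for entry in LOG_LINES:
        e = explain(entry, rules)
        print(e["tracker"], "->", e["rule"], "|", e["src_scope"], "->", e["dst_scope"])
```

        On a live system, the rule-set text would be read from /tmp/rules.debug instead of the embedded excerpt.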

          W0GEN

          Thank you very much! This helps a lot!!!
          Bill

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.