Trying to Learn what my log is saying

Firewalling
Log in to reply
  • W

    I am new to Netgate, and trying to learn more on how to best configure my PFSense router.
    What is it when I have deny's on my LAN, and they are not IP Addresses?:
    Aug 20 20:31:19 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe13:77d4]:33819 [ff02::1]:10002 UDP
    Aug 20 20:31:11 LAN Default deny rule IPv6 (1000000105) [fe80::7683:c2ff:fe15:38a3]:43626 [ff02::1]:10002 UDP

    0
  • Gertjan

    Hi,

    On the log settings ( Status > System Logs > Settings ) this option is checked ( activated ) :

    ca1c67ed-8601-49be-bfed-7a932a07c6b1-image.png

    Every interface has a hidden, final (last) firewall rule : it blocks everything.
    Your own rules - if any, are visible in the GUI, are above this rule, as you created them.

    This :

    @W0GEN said in Trying to Learn what my log is saying:

    LAN Default deny rule IPv6

    is the default IPv6 bock rule on the LAN interface in action : some IPv6 - a device using the auto assigned IPv6 fe80::7683:c2ff:fe15:38a3 want to communicate with the router - pfSense, and you have not any rules on your LAN interface that let pas this IPv6 UDP traffic.

    Understand that even if you think you are not using IPv6, all modern OS's today do use it for years to communicate among all devices on the same network segment - your LAN in this case.

    To stop the "noise" , stop the default deny rule from logging == uncheck the option.
    Or make your IPv6 actually work, as it is there to replace IPv4 eventually.

    To see more about "who and what " : check the file /tmp/rules.debug and look for the ID 1000000105.

    You will find this :

    ....
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block in  inet all tracker 1000000103 label "Default deny rule IPv4"
block out  inet all tracker 1000000104 label "Default deny rule IPv4"
block in  inet6 all tracker 1000000105 label "Default deny rule IPv6"
block out  inet6 all tracker 1000000106 label "Default deny rule IPv6"
.....

    The third block rule is your rule in action.
    inet6 = IPv6.
    and the label is the text identifier you saw : ""Default deny rule IPv6"

    This file is the actual rule set loaded into the firewall.
    You control some parts with the GUI firewall rules Firewall > Rules > ........ (and NAT rules, etc)

    1
  • W

    Thank you Very Much! this helps a lot!!!
    Bill

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy