BogonIPV6 not loaded with install
-
After a fresh install among other things, the bogon tables should be loaded. That seems to be the case for the ipv4-bogon table but is not the case for the ipv6-table. Be aware of that!
After a fresh install go to diagnostics => tables => bogonsv6 and update manually. Should be fixed of course.
Louis
-
after a fresh install bogons need to be downloaded,
under System / Advanced / Firewall & NAT
as you can see it can take a week, I think the default is a month to download the list the first time
moreover the time of download is randomly generated -
That is IMHO not OK at all !! ....
You want to have bogon protection from the moment the FW become active !! So I stay with my option that this is a severe security bug!
Louis
-
Any copy of bogons included in the installer will be out of date by the time it's used. That is unacceptable for those with IPv6 as that list is constantly changing and new deployments could be blocked out of the box.
The bogons are automatically downloaded at the end of the setup wizard in the GUI that shows up on your first login. If you don't have them, then you skipped the wizard, so didn't technically complete the installation process.
They can also be updated manually from Diag > Tables. Otherwise they are updated periodically.
-
IMHO, that is not the correct sequence.
To start with, I am not installing from scratch. If I have to install pfSence for some reason I use two USB-sticky's.
- One being the boot disk containing the build I need to install
- Second an USB-stick with the config which should be used during setup
In that scenario, the bogonsV6 table is not updated. I did test that a couple of times (and did report about that earlier).
In my opinion actions like .e.g. updating bogon tables, should start right after each install sequence, independent of the way that sequence is started or what is next.
Louis
-
You are free to submit a PR that makes the change.
-
Jim,
I will issue that change request tomorrow.
Louis
