Firewall log flooded with these messages
I am seeing a huge swathe of these messages in the firewall log from multicast DNS traffic:
Sep 3 12:08:11 LAN Default deny rule IPv6 (1000000105) [fe80::858:2808:20a4:48fb]:5353 [ff02::fb]:5353 UDP
The strange thing is that I have a rule earlier in the LAN interface ruleset that allows 'IPv6 any' to network f::/4, yet somehow it doesn't match this traffic???
Two questions:
- Should this traffic be blocked? If so, is there any way to suppress the logging of it?
- Why doesn't my rule match this traffic?
Note that I do not want to create an IPv6 any -> any rule as I do need to restrict (most) outbound IPv6 traffic.
@chrisjenk said in Firewall log flooded with these messages:
to network f::/4, yet somehow it doesn't match this traffic
Why would you think that would match? The range of f::/4 would be like
0000:0000:0000:0000:0000:0000:0000:0000
to
0fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Even if it did - why would you open up such a wide area?
Multicast DNS is always going to be to ff02::fb, so just set your rule for that.
As to blocking it - it's blocked by default; if you don't want to log it, then create a rule that doesn't log traffic to ff02::fb.
The only reason you would need to allow that is if you were doing something with Avahi. pfSense is not going to answer an mDNS query, and it's not going to route it anywhere either.
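The reply's point, that a prefix typed as f::/4 is really ::/4 and therefore never covers ff02::fb, is easy to verify before touching the ruleset. The following is an added example written for this thread, not code from either poster or from pfSense. It normalises a typed prefix the way a firewall masks host bits (modelled here with `strict=False`, an assumption about pf's behaviour), prints the range it really covers, parses the log line quoted in the question (the regex is written for that summary layout only; pfSense's raw filterlog format is different), classifies the destination as link-local multicast, and lists which candidate prefixes would actually match it. The sample log line is the one from the post.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Sample input: the exact line from the post.
SAMPLE_LOG_LINE = (
    "Sep 3 12:08:11 LAN Default deny rule IPv6 (1000000105) "
    "[fe80::858:2808:20a4:48fb]:5353 [ff02::fb]:5353 UDP"
)

# Regex for the summary log form quoted in the post. Assumption: it is written for
# this layout only; pfSense's raw filterlog lines are a comma-separated format.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<iface>\S+)\s+"
    r"(?P<action>.+?)\s+\((?P<rule_id>\d+)\)\s+"
    r"\[(?P<src>[0-9A-Fa-f:.]+)\]:(?P<sport>\d+)\s+"
    r"\[(?P<dst>[0-9A-Fa-f:.]+)\]:(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

# IPv6 multicast scope values (RFC 4291, low nibble of the second byte).
MULTICAST_SCOPES = {1: "interface-local", 2: "link-local", 4: "admin-local",
                    5: "site-local", 8: "organization-local", 14: "global"}


def normalize_prefix(prefix: str) -> ipaddress.IPv6Network:
    """Return the network a typed prefix really denotes.

    A firewall masks host bits silently, so 'f::/4' means ::/4 (assumed pf
    behaviour); strict=False reproduces that instead of raising an error.
    """
    return ipaddress.ip_network(prefix, strict=False)


def prefix_range(prefix: str) -> Tuple[str, str]:
    """First and last address covered by the prefix, fully expanded."""
    net = normalize_prefix(prefix)
    return net.network_address.exploded, net.broadcast_address.exploded


def rule_matches(prefix: str, address: str) -> bool:
    """Would a destination-network rule with this prefix match the address?"""
    return ipaddress.ip_address(address) in normalize_prefix(prefix)


def classify_destination(address: str) -> Tuple[str, str]:
    """('multicast', scope name) for ff00::/8 destinations, ('unicast', '') otherwise."""
    addr = ipaddress.IPv6Address(address)
    if not addr.is_multicast:
        return ("unicast", "")
    scope = int(addr.exploded[3], 16)  # 'ff02:...' -> scope nibble 2
    return ("multicast", MULTICAST_SCOPES.get(scope, f"scope-{scope}"))


def parse_entry(line: str) -> Dict[str, str]:
    """Split one summary log line into its fields."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()


def matching_rules(line: str, rule_prefixes: List[str]) -> List[str]:
    """Which of the candidate destination prefixes would have covered this entry."""
    dst = parse_entry(line)["dst"]
    return [p for p in rule_prefixes if rule_matches(p, dst)]


if __name__ == "__main__":
    lo, hi = prefix_range("f::/4")
    print(f"f::/4 is really {normalize_prefix('f::/4')}: {lo} .. {hi}")
    entry = parse_entry(SAMPLE_LOG_LINE)
    print("destination", entry["dst"], classify_destination(entry["dst"]))
    print("rules that cover it:",
          matching_rules(SAMPLE_LOG_LINE, ["f::/4", "ff02::fb/128", "ff00::/8"]))
```

Running it shows f::/4 collapsing to ::/4 with a range ending at 0fff:ffff:..., so the only candidates that cover the logged destination are the narrow ff02::fb/128 (the reply's suggestion) and the whole multicast block ff00::/8. For the no-log block rule the reply describes, the /128 is the precise choice; the scope classification confirms the traffic is link-local and would not be forwarded anyway.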