Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Remove IPV6 (Fe80, FF02) entries from System Logs/Firewall

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      McDing
      last edited by

      Hi

      I am not using IPV6 and have it deactivated in all System/Advanced/Networking/IPv6 Options.

      Yet in Status/System Logs/Firewall/Normal View, my entire log is filled with entries about:
      Rule: Block all IPv6 (1000000003)
      Source: [fe80::xxxx:xxxx:xxxx:xxxx]:5353
      Destination: ff02::fb]:5353

      Is there a way to avoid these populating the log every 2 seconds?
      This also prevents me from any entries that would actually matter.

      Thanks for any hints :)

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @McDing
        last edited by

        @mcding there are a few ways to skin that cat.

        For starts - specifically blocking IPv6 is going to put a hidden rule high up on the rules list that blocks and logs.

        So really wouldn't suggest you enable that if your worried about log spam.

        Unless traffic is allowed, it will be blocked by the default deny. So if you don't allow any ipv6 on your local side interfaces IPv6 will not work. But it won't log all that noise.

        Now the default deny will log, but you can just create a rule on your interface your seeing the traffic to not log that traffic.

        Other option is diable default deny logging and only create rules for traffic you want to log.

        Other option is disable IPv6 on the device sending that noise. 5353 is mdns for IPv6..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • M
          McDing
          last edited by

          @johnpoz thanks a lot for your feedback.

          So if I understand you correctly, the options would be:

          Option1:
          When IPV6 is unticked (so inactive) there is this hidden rule that blocks (default deny) but also logs IPV6 traffic anyway.
          So the workaround is to enable IPV6 traffic in the system advanced settings but then to create a top rule to block all IPV6 traffic but disable logging for that rule.
          Would the rule be like this (floating rule?)
          IPV6_Rule.png

          Option2:
          For this case, the option would be to untick this one?
          That would only impact firewall logging right? not all other logs?
          option2.png

          Thanks again

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @McDing
            last edited by

            @mcding yeah option 2 would just be firewall logging of the default deny rule.

            It "might" turn off that logging of the block IPv6 rule as well? I haven't looked into that - but that block all IPv6 rule is different than the default deny so I would doubt turning off default deny logging would also disable logging of the do not allow IPv6 rule that is created.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.