Remove IPV6 (Fe80, FF02) entries from System Logs/Firewall
-
Hi
I am not using IPV6 and have it deactivated in all System/Advanced/Networking/IPv6 Options.
Yet in Status/System Logs/Firewall/Normal View, my entire log is filled with entries about:
Rule: Block all IPv6 (1000000003)
Source: [fe80::xxxx:xxxx:xxxx:xxxx]:5353
Destination: [ff02::fb]:5353
Is there a way to avoid these populating the log every 2 seconds?
This also prevents me from seeing any entries that would actually matter.
Thanks for any hints :)
-
@mcding there are a few ways to skin that cat.
For starters - specifically blocking IPv6 is going to put a hidden rule high up on the rules list that blocks and logs.
So really wouldn't suggest you enable that if you're worried about log spam.
Unless traffic is allowed, it will be blocked by the default deny. So if you don't allow any ipv6 on your local side interfaces IPv6 will not work. But it won't log all that noise.
Now the default deny will log, but you can just create a rule on the interface where you're seeing the traffic to not log that traffic.
Other option is to disable default deny logging and only create rules for traffic you want to log.
Other option is to disable IPv6 on the device sending that noise. 5353 is mDNS for IPv6.
-
@johnpoz thanks a lot for your feedback.
So if I understand you correctly, the options would be:
Option1:
When IPV6 is unticked (so inactive) there is this hidden rule that blocks (default deny) but also logs IPV6 traffic anyway.
So the workaround is to enable IPV6 traffic in the system advanced settings but then to create a top rule to block all IPV6 traffic but disable logging for that rule.
Would the rule be like this (floating rule?)
Option2:
For this case, the option would be to untick this one?
That would only impact firewall logging, right? Not all other logs?
Thanks again
-
@mcding yeah option 2 would just be firewall logging of the default deny rule.
It "might" turn off that logging of the block IPv6 rule as well? I haven't looked into that - but that block all IPv6 rule is different than the default deny so I would doubt turning off default deny logging would also disable logging of the do not allow IPv6 rule that is created.