Loopback entries in my firewall logs
-
Should I see this in my logs? I've never seen any entries like this before. I don't have any rules allowing IPV6 traffic on any interface.
Jan 6 13:50:58 lo0 pass IPv6 loopback (1000007813) [::1]:5973 [::1]:123 UDP
Jan 6 13:50:58 lo0 let out anything IPv6 from firewall host itself (1000007816) [::1]:5973 [::1]:123 UDP
Jan 6 13:50:58 lo0 pass IPv6 loopback (1000007813) [::1]:53352 [::1]:123 UDP
Jan 6 13:50:58 lo0 let out anything IPv6 from firewall host itself (1000007816) [::1]:53352 [::1]:123 UDP
-
@ramizak do you have this checked in the log settings?
Log packets matched from the default pass rules put in the ruleset
-
@johnpoz I do have logging for 3 rules, but they are very specific rules and these entries aren't associated with those rules, but I also checked the tracking IDs from the logs against those rules, and verified they were not the same.
-
@ramizak not what I was asking about - I was asking if you have this checked in the log settings
[22.05-RELEASE][admin@sg4860.local.lan]/root: cat /tmp/rules.debug | grep loopback
loopback = "{ lo0 }"
# loopback
pass in on $loopback inet all ridentifier 1000013061 label "pass IPv4 loopback"
pass out on $loopback inet all ridentifier 1000013062 label "pass IPv4 loopback"
pass in on $loopback inet6 all ridentifier 1000013063 label "pass IPv6 loopback"
pass out on $loopback inet6 all ridentifier 1000013064 label "pass IPv6 loopback"
[22.05-RELEASE][admin@sg4860.local.lan]/root:
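Added example, not part of the thread and not pfSense's own code: a small Python script that maps the tracking ID in parentheses in each log line to the `ridentifier` of a rule in `/tmp/rules.debug`, so an unfamiliar entry can be attributed to the rule that logged it. The function names are hypothetical, the rules excerpt is the one shown above, and the log lines are constructed in the layout pasted in the question.

```python
import re

# Excerpt of /tmp/rules.debug as shown in the thread.
RULES_DEBUG = '''\
loopback = "{ lo0 }"
# loopback
pass in on $loopback inet all ridentifier 1000013061 label "pass IPv4 loopback"
pass out on $loopback inet all ridentifier 1000013062 label "pass IPv4 loopback"
pass in on $loopback inet6 all ridentifier 1000013063 label "pass IPv6 loopback"
pass out on $loopback inet6 all ridentifier 1000013064 label "pass IPv6 loopback"
'''

# Constructed log lines; the last ID deliberately matches no rule.
SAMPLE_LOG = '''\
Jan 6 13:50:58 lo0 pass IPv6 loopback (1000013063) [::1]:5973 [::1]:123 UDP
Jan 6 13:50:58 lo0 pass IPv6 loopback (1000013064) [::1]:5973 [::1]:123 UDP
Jan 6 13:51:02 lo0 (1999999999) [::1]:40000 [::1]:53 UDP
'''

RID_RE = re.compile(r'\bridentifier\s+(\d+)')
LABEL_RE = re.compile(r'\blabel\s+"([^"]*)"')
LOG_ID_RE = re.compile(r'\((\d+)\)')  # tracking ID as it appears in the log


def parse_rules(text):
    """Return {ridentifier: {'rule': full line, 'label': first label}}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue  # skip blanks and comments
        rid = RID_RE.search(line)
        if rid:
            label = LABEL_RE.search(line)
            rules[int(rid.group(1))] = {
                'rule': line, 'label': label.group(1) if label else ''}
    return rules


def attribute(log_text, rules):
    """Return (tracking_id, label or None, log line) per log entry."""
    out = []
    for line in log_text.splitlines():
        m = LOG_ID_RE.search(line)
        if m:
            hit = rules.get(int(m.group(1)))
            out.append((int(m.group(1)), hit['label'] if hit else None, line))
    return out


if __name__ == '__main__':
    for tid, label, _ in attribute(SAMPLE_LOG, parse_rules(RULES_DEBUG)):
        print(tid, '->', label or 'no rule with this ridentifier')
```

An ID that matches no rule usually means the log entry and the rules file come from different boxes or from before a ruleset reload.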
-
Thank you! Yes I did.... I didn't mean to have that checked, but I did. Thanks for the help. I really appreciate it!
-
@ramizak well that explains it then ;) heheh
-
@johnpoz Thanks again! I'm a loyal pfSense/Netgate fan. I'm expecting 2 more Netgate boxes tomorrow from FedEx.
-
@ramizak said in Loopback entries in my firewall logs:
I'm expecting 2 more Netgate boxes tomorrow from FedEx.
sweet.. which ones? New 8200? Are they shipping yet?
-
@johnpoz Nope. Just 2 2100s. Haven't used them yet. I'm currently running an XG-7100-1U. I'm replacing 2 UniFi USG-PRO 4s with the 2100s.
-
@ramizak while I love the UniFi APs - I had a usg3p for a short time, while my 4860 was back ordered, and needed something that could handle my new internet speed. Was never a fan of it, my son used it for a bit at his house. But now it's just on my shelf.
I have one of their switches as well (on the shelf).. Not a fan of it either - price point was good, and it's a tiny little thing - and can be powered by PoE which is nice and there are for sure some use cases for such a switch. The little flex mini, just not a fan of management and configuration of anything other than their APs
Have fun with your new netgates - a late xmas present sort of to play with ;)