IPV6 leases stuck in address pool no way to delete
-
Am in the middle of a malicious attack which is using IPV6 to maneuver my firewall rules even though I have set IPV6 to be disabled. I am currently unable to connect to the internet with the settings which were working earlier today.
One of the common things I have noted about the attack is my clients tend to use spoofed network interfaces or tunnels to get past protection. Within Pfsense the NDP Table contains IPV6 connections to my devices, which I know are attempting to connect using ipv4.
When I attempt to delete the entries I get the message "is not a valid IP address and could not be deleted" is there any way I could delete these entries manually on the console itself? I have a feeling these are overriding ipv4 settings which are causing my connection to fail.
Any help would be massively appreciated as I have been suffering with attacks for months
-
Not sure why you think that is some sort of lease? Nor what rabbit hole you went down that you think you should delete an interfaces link-local address?
Those are the link-local address of pfsense own interfaces..
You can disable IPv6 in pfsense, this doesn't remove the under laying IPv6 support in the OS, ie link-local addresses on the interfaces..
