Netgate Discussion Forum

    icmpv6

    • hardware_bxl

      Similar questions have been asked before, but to my knowledge never really answered 100%.
      When blocking IPv6 in general (Advanced settings), all related blocks are logged by the default rule, and if you need the default rule to log for wholly other reasons, you are stuck with the flood of IPv6 log entries in between.
      For this reason you could decide to allow IPv6 and block it with your own rules without logging them. However, pfSense will decide for you that if you allow IPv6, you cannot block ICMPv6, as this is needed for IPv6, which makes sense, but in this case you don't want that.
      Also, you cannot easily apply a filter to the firewall log view to exclude these entries, and even if you can, you would need to add it every time.

      Is there an easy solution? Please don't answer that you need IPv6, that is purely a choice and not related to this question.
      Thanks!

      • Gertjan @hardware_bxl

        @hardware_bxl said in icmpv6:

        When blocking IPv6 in general (Advanced settings), all related blocks are logged by the default rule and if you need the default rule to log for whole other reasons, you are stuck with the flooding of the IPv6 logs in between

        I propose another solution:
        If you don't want IPv6 to clutter up the log, as you had to decide that "all related blocks are logged by the default rule" (normally, I guess, you don't, as this will already take a big toll on your drive), you can add your own "block IPv6 stuff" rules at the bottom of the page, and you do not check 'log this when hit'.

        Something like this:

        [Image: ad67a3b3-0599-4660-b3c1-929978058e3d-image.png]

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • hardware_bxl @Gertjan

          @Gertjan
          Yes, this would work if I do not disable IPv6 in Advanced Settings and then catch the IPv6 traffic with my own rules as you suggest.
          However, by allowing IPv6 in Advanced Settings, pfSense automatically adds rules to allow any ICMPv6, because this is needed for IPv6 to work.
          These rules cannot simply be overruled.
          It's not a big problem, at least I can control the logs a little better, but at least ICMPv6 will be allowed and that is not something I wanted to begin with.

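The first post notes that the firewall log view cannot easily exclude the blocked IPv6 entries. As an added example (not code from this thread or from pfSense), the Python script below removes blocked-IPv6 lines from raw filterlog output offline and counts what it hid per protocol. It assumes the raw filterlog CSV layout in which the seventh field is the action and the ninth is the IP version; the sample lines, host name and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, made-up host "fw").
# Assumed layout: raw filterlog CSV, field 7 = action, field 9 = IP version.
SAMPLE_LOG = [
    "Jan  5 10:00:01 fw filterlog[4321]: 4,,,1000000103,em0,match,block,in,4,0x0,,64,4242,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,51515,22,0,S,1234,,64240,,mss",
    "Jan  5 10:00:02 fw filterlog[4321]: 6,,,1000000105,em0,match,block,in,6,0x00,0x00000,255,ICMPv6,58,32,fe80::1,ff02::1,",
    "Jan  5 10:00:03 fw filterlog[4321]: 6,,,1000000105,em0,match,block,in,6,0x00,0x00000,1,UDP,17,40,fe80::2,ff02::fb,5353,5353,40",
    "Jan  5 10:00:04 fw filterlog[4321]: 4,,,1000000103,em0,match,block,in,4,0x0,,52,777,0,none,17,udp,78,203.0.113.9,198.51.100.10,40000,137,58",
]

PREFIX = re.compile(r"filterlog\[\d+\]:\s*")

def parse(line):
    """Return a dict for a filterlog line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    f = line[m.end():].split(",")
    if len(f) < 9 or f[8] not in ("4", "6"):
        return None
    # The protocol name and addresses sit at different offsets for IPv4 and IPv6.
    proto_idx, src_idx = (12, 15) if f[8] == "6" else (16, 18)
    if len(f) <= src_idx + 1:
        return None
    return {"iface": f[4], "action": f[6], "ipver": int(f[8]),
            "proto": f[proto_idx].lower(), "src": f[src_idx], "dst": f[src_idx + 1]}

def is_blocked_ipv6(line):
    e = parse(line)
    return bool(e) and e["ipver"] == 6 and e["action"] == "block"

def without_ipv6(lines):
    """Keep every line (including unparseable ones) except blocked IPv6 packets."""
    return [ln for ln in lines if not is_blocked_ipv6(ln)]

def hidden_summary(lines):
    """Count the hidden entries per protocol so the noise stays measurable."""
    return Counter(parse(ln)["proto"] for ln in lines if is_blocked_ipv6(ln))

if __name__ == "__main__":
    for ln in without_ipv6(SAMPLE_LOG):
        print(ln)
    print("hidden:", dict(hidden_summary(SAMPLE_LOG)))
```
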
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.