IPV6 in my logs is making thing look untidy!



  • Ok, so this is not directly a pfSense question as the cause is Windows but you seem like a friendly lot so….
    So I know where it's coming from, the Windows 7 machines on my network that have the pseudo tunnelling virtual adapters. Having disabled IPv6 and uninstalled and/or disabled them in Device Manager, they reappear on reboot and start to fill up my logs. Trying to add an IPv6 address to the EasyRuleBlockHosts fails (which makes sense based on the limited IPv6 support in BETA at the moment). So my question is, does anyone have any idea how to prevent all this IPV6 clutter in my logs?

    Thanks.


  • Rebel Alliance Developer Netgate

    So you're already on 2.0 now?

    If so, we may have to at least pull in the log parser improvements that were done in the ipv6 branch.

    If you're on 1.2.3 there may not be anything to do but wait for 2.0.



  • Hi Jim,

    Yep, am running last Tuesday's beta build. I have a network at work that we use for clients to hook up to and it gets enough traffic to warrant putting pfsense on there to lock it down and keep an eye on traffic but if it does bite the dust (usually down to a config error by yours truly), it's not a major disaster.

    Cal.


  • Rebel Alliance Developer Netgate



  • I'd happily try this if 1). I knew how to adjust files within pfSense (I'm guessing through a SSH connection?…) and 2). What it was going to do/what should I look for once this patch is implemented to help you ascertain if it worked.

    Cal.



  • You can use the edit file option from the diag menu.



  • Wow, that's great! Didn't know that was a feature. Ok, file edited. All seems ok. Jim, can you tell me what it is exactly that that addition to the filter_log.inc file should do so that I can report back to you if it has indeed worked. Should it allow me to add IPv6 addresses to the EasyRuleBlockHosts alias?

    Thanks.


  • Rebel Alliance Developer Netgate

    no, it won't do anything to easy rule.

    The path, filename, and line number are all on the link I posted earlier. The green text is what to add.



  • Yep, I've added the addition shown in green. Just wondering what to look for in pfSense now to confirm if he change (whatever it was) was successful.


  • Rebel Alliance Developer Netgate

    If the appearance of ipv6 in the log looks better, that would be all that shows



  • Can't see any difference I'm afraid. Ultimately, my goal was to just prevent them from appearing in my logs as they mean nothing in my scenario as I'm not using IPv6. Pic attached for ref.




  • Callahan,

    Under System-Advanced-Networking Tab, Do you have Allow IPv6 checked? If so, uncheck it and see if that works for you… I notice if I have it check, I see IPv6 traffic in my log but if its uncheck I don't see any...



  • Hi Cino,

    Thanks for the suggestion but I don't have it ticked. Not sure how much work would be involved to add in a way to block IPv6 from the logs but it seems that it's a feature that should be there if the option to block them is given, it kind of makes sense to give the option to block them from the logs. I'm saying this with utterly no knowledge of the work involved to add this feature in mind you!
    :)



  • on plain 1.2.3 or 2.0 Beta you should never see IPv6 traffic in the logs.

    Only if the "Allow IPv6" checkbox is enabled will you see this traffic.



  • That's not the case for me. Check the attachments showing version number, the unticked boxes and the IPv6 packets in the logs. This happens on both my work setup and my home setup.



    ![allow ipv6.png](/public/imported_attachments/1/allow ipv6.png)
    ![allow ipv6.png_thumb](/public/imported_attachments/1/allow ipv6.png_thumb)
    ![fw log.png](/public/imported_attachments/1/fw log.png)
    ![fw log.png_thumb](/public/imported_attachments/1/fw log.png_thumb)


Locked