IPV6 in my logs is making thing look untidy!

Callahan

Ok, so this is not directly a pfSense question as the cause is Windows but you seem like a friendly lot so….
So I know where it's coming from, the Windows 7 machines on my network that have the pseudo tunnelling virtual adapters. Having disabled IPv6 and uninstalled and/or disabled them in Device Manager, they reappear on reboot and start to fill up my logs. Trying to add an IPv6 address to the EasyRuleBlockHosts fails (which makes sense based on the limited IPv6 support in BETA at the moment). So my question is, does anyone have any idea how to prevent all this IPV6 clutter in my logs?

Thanks.

jimp

So you're already on 2.0 now?

If so, we may have to at least pull in the log parser improvements that were done in the ipv6 branch.

If you're on 1.2.3 there may not be anything to do but wait for 2.0.

Callahan

Hi Jim,

Yep, am running last Tuesday's beta build. I have a network at work that we use for clients to hook up to and it gets enough traffic to warrant putting pfsense on there to lock it down and keep an eye on traffic but if it does bite the dust (usually down to a config error by yours truly), it's not a major disaster.

Cal.

jimp

You can try this patch, see if it helps:

https://rcs.pfsense.org/projects/pfsense/repos/pfSense-smos/commits/2259901018552f8a8432e295b8d6064fa918cda0

Callahan

I'd happily try this if 1). I knew how to adjust files within pfSense (I'm guessing through a SSH connection?…) and 2). What it was going to do/what should I look for once this patch is implemented to help you ascertain if it worked.

Cal.

databeestje

You can use the edit file option from the diag menu.

Callahan

Wow, that's great! Didn't know that was a feature. Ok, file edited. All seems ok. Jim, can you tell me what it is exactly that that addition to the filter_log.inc file should do so that I can report back to you if it has indeed worked. Should it allow me to add IPv6 addresses to the EasyRuleBlockHosts alias?

Thanks.

jimp

no, it won't do anything to easy rule.

The path, filename, and line number are all on the link I posted earlier. The green text is what to add.

Callahan

Yep, I've added the addition shown in green. Just wondering what to look for in pfSense now to confirm if he change (whatever it was) was successful.

jimp

If the appearance of ipv6 in the log looks better, that would be all that shows

Callahan

Can't see any difference I'm afraid. Ultimately, my goal was to just prevent them from appearing in my logs as they mean nothing in my scenario as I'm not using IPv6. Pic attached for ref.

Cino

Callahan,

Under System-Advanced-Networking Tab, Do you have Allow IPv6 checked? If so, uncheck it and see if that works for you… I notice if I have it check, I see IPv6 traffic in my log but if its uncheck I don't see any...

Callahan

Hi Cino,

Thanks for the suggestion but I don't have it ticked. Not sure how much work would be involved to add in a way to block IPv6 from the logs but it seems that it's a feature that should be there if the option to block them is given, it kind of makes sense to give the option to block them from the logs. I'm saying this with utterly no knowledge of the work involved to add this feature in mind you!
:)

databeestje

on plain 1.2.3 or 2.0 Beta you should never see IPv6 traffic in the logs.

Only if the "Allow IPv6" checkbox is enabled will you see this traffic.

Callahan

That's not the case for me. Check the attachments showing version number, the unticked boxes and the IPv6 packets in the logs. This happens on both my work setup and my home setup.