Comcast IPv6 dual now working - but now lots of noise in firewall logs


  • Rebel Alliance Global Moderator

    So awhile back I had started a thread about comcast native ipv6 not working, no RA being seen, etc.

    Not getting my /64 on lan while using track interface and 0, etc.

    Well they fixed something - because now its working..  Im on comcast native ipv6, inbound to my pool ntp server on its new comcast ipv6 address working, etc.  Problem is is seeing a flood of this in my firewall log now

    block Dec 29 11:23:43 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:23:18 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:21:38 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:21:14 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:20:12 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:19:32 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none
    block Dec 29 11:18:07 WAN fe80::201:5cff:fe31:da01 ff02::1:ff00:1 none

    that fe80::201:5cff:fe31:da01 is my gateway, but ff02::1:ff00:1 is ipv6 multicast is not?  Why is it being block by default rule?



  • Rebel Alliance Global Moderator

    So there is some more info

    Clearly its not protocol NONE Like the firewall log is saying, I captured some packets

    Protocols in frame: eth:ipv6:icmpv6

    My question is really what would be the best type of rule to not log this sort of traffic.  It's noise in the log.  And why is the protocol not listed correctly?  BTW running

    2.1-BETA1 (i386)
    built on Fri Dec 28 20:54:16 EST 2012
    FreeBSD 8.3-RELEASE-p5





Locked