How to Turn off IPv6 in System Logs > Firewall?



  • Hello all,

    Since upgrading to 2.1 my firewall logs are in IPv6, but I'd rather have them in IPv4 like they were before the upgrade. I haven't been able to find the option to do so.

    Thanks everyone


  • Rebel Alliance Developer Netgate

    You may be getting something confused there.

    The logs will show both kinds of traffic, IPv4 and IPv6, whichever generates a log message.

    If you're seeing IPv6 blocked there, it is because it was blocked by the rules. IPv4 log messages will still show up when they happen.

    If you want to block and not log IPv6, you could set the option to allow IPv6 and then block IPv6 with a floating tab rule that does not have "log" checked.



  • You're right. I had never seen a logged IPv6 packet until the upgrade and every single packet in the log was IPv6, so I assumed (incorrectly) it was converting all the IPv4 addresses to IPv6.

    I apologize!



  • @jimp:

    You may be getting something confused there.

    The logs will show both kinds of traffic, IPv4 and IPv6, whichever generates a log message.

    If you're seeing IPv6 blocked there, it is because it was blocked by the rules. IPv4 log messages will still show up when they happen.

    If you want to block and not log IPv6, you could set the option to allow IPv6 and then block IPv6 with a floating tab rule that does not have "log" checked.

    Can you please clarify your proposed solution for me?  I'd like to stop logging all the blocked mulicast traffic I'm seeing in the logs, but I don't quite understand your solution. 
    "allow IPv6 and then block IPv6…."  ???



  • Can I revive this thread?
    Why if IPv6 is disabled would you continue to have it logged in the firewall. Surely the default block rule which is created when you untick "enable ipv6" should be to not log, or at least give the user the option.
    As others have said, when you disable ipv6 it spams your log file with multicast ipv6 blocked logs.


  • Rebel Alliance Developer Netgate

    The thinking is: If you have IPv6 disabled, you'd want to be notified that people are attempting to use IPv6 when you told the firewall you do not want IPv6 to be used. It's a security measure.

    If you want to ignore IPv6, enable it and add some floating rules to block w/o logging.


Log in to reply