Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with firewall and ICMPv6

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 1 Posters 956 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      koan
      last edited by

      My firewall is flooded with entries like the one below, so much so that it effectively disabled another machine taking syslog data.
      This started today
      I confess i am completely clueless here.

      2.1-RELEASE (i386)
      built on Wed Sep 11 18:16:22 EDT 2013
      FreeBSD 8.3-RELEASE-p11

      Jan 18 01:45:45 WAN [::201:5cff:fe64:] [ff02::1:ff51:****] ICMPv6

      FYI I added some * in the addresses above.
      I have completely formatted the drive, reinstalled and left pfsense at defaults (other than DHCP and static routes) but it continues.
      In addition this is going on in system logs: syslogd: kernel boot file is /boot/kernel/kernel
      Jan 18 01:39:20 syslogd: exiting on signal 15, over and over.

      1 Reply Last reply Reply Quote 0
      • K
        koan
        last edited by

        :-[  this worked…
        http://forum.pfsense.org/index.php/topic,63261.msg342112.html#msg342112
        :-[

        UPDATE:

        After an hour or so the messages came back, basically they are ipv6 DNS multicast and various "normal" traffic.

        I found that shutting off ipv6 on the OSX machines and Linux machines solved most of the traffic but the single biggest problem was the wireless router, switching this to "local link only" solved that issue.
        No more ipv6 multicast DNS request and spam.

        Literally everything going through the router generated a response.
        Manual blocking rules didn't stop it, EasyRuleBlock didn't stop it, tried every variation I could find, only shutting off ipv6 on all the machines solved my problem, most likely not an option for most people.
        If you're curious:
        [quote]sudo nano /etc/default/grub

        Find the line that contain "GRUB_CMDLINE_LINUX_DEFAULT":

        GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

        Add "ipv6.disable=1" to the boot option, then save your grub file:

        GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

        Finally, update grub:

        sudo update-gru

        OSX

        networksetup -listallnetworkservices
        networksetup -setv6off Ethernet

        Win7 does not seem to be a problem.

        I apologize if this is already known or useless information, as I confessed I'm a neophyte and these things are challenging for me.

        1 Reply Last reply Reply Quote 0
        • K
          koan
          last edited by

          Bump.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.