Help with firewall and ICMPv6

  • My firewall is flooded with entries like the one below, so much so that it effectively disabled another machine taking syslog data.
    This started today
    I confess i am completely clueless here.

    2.1-RELEASE (i386)
    built on Wed Sep 11 18:16:22 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    Jan 18 01:45:45 WAN [::201:5cff:fe64:] [ff02::1:ff51:****] ICMPv6

    FYI I added some * in the addresses above.
    I have completely formatted the drive, reinstalled and left pfsense at defaults (other than DHCP and static routes) but it continues.
    In addition this is going on in system logs: syslogd: kernel boot file is /boot/kernel/kernel
    Jan 18 01:39:20 syslogd: exiting on signal 15, over and over.

  • :-[  this worked…,63261.msg342112.html#msg342112


    After an hour or so the messages came back, basically they are ipv6 DNS multicast and various "normal" traffic.

    I found that shutting off ipv6 on the OSX machines and Linux machines solved most of the traffic but the single biggest problem was the wireless router, switching this to "local link only" solved that issue.
    No more ipv6 multicast DNS request and spam.

    Literally everything going through the router generated a response.
    Manual blocking rules didn't stop it, EasyRuleBlock didn't stop it, tried every variation I could find, only shutting off ipv6 on all the machines solved my problem, most likely not an option for most people.
    If you're curious:
    [quote]sudo nano /etc/default/grub

    Find the line that contain "GRUB_CMDLINE_LINUX_DEFAULT":


    Add "ipv6.disable=1" to the boot option, then save your grub file:

    GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

    Finally, update grub:

    sudo update-gru


    networksetup -listallnetworkservices
    networksetup -setv6off Ethernet

    Win7 does not seem to be a problem.

    I apologize if this is already known or useless information, as I confessed I'm a neophyte and these things are challenging for me.

  • Bump.

Log in to reply