IPv6 link local blocked by firewall

  • I started looking more at my firewall logs and seeing a lot of IPv6 link local multicast traffic (source is a link local IPv6 address and destination ff02::* traffic) blocked in the LAN port by the default deny rule.

    My guess is, this isn't actually blocking it, since the link local traffic is probably being picked up off the switch by everyone else, and that pfSense is simply seeing this come in and blocking it (since the default allow any IPv6 rule is set to source IPv6 LAN NET).

    Can anyone explain why this is? Why is the default source for the default allow IPv6 to any rule set for LAN NET and not any? The WAN firewall should be already preventing access into LAN from outside. Is this simply to protect from packets between different interfaces on the pfSense router?

  • It is as it is to flood logs with useless junk. I've even filed a bug about this, only to be told that it's by design. Allow or block the traffic via a separate rule without logging.

  • I had to create a pass rule for IPv6 from any to any for it to go away. I turned off IPv6 on all my Windows and Linux boxes, but it still persists. I think it's mostly Apple TV and other Apple devices.
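The thread's explanation, checked in code: a "source LAN net" pass rule can never match a fe80::/10 source, so fe80:: to ff02:: multicast falls through to the logging default deny. The script below is an added example (not from this thread or from pfSense) that classifies blocked entries so you can confirm the noise is link-local multicast before adding a no-log rule. The log lines are constructed in a simplified filterlog-style CSV, and the LAN prefix 2001:db8:1::/64 is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in a simplified pfSense filterlog CSV layout
# (only the src/dst columns matter here). They are not real log entries.
SAMPLE_LOG = """\
5,,,1000000005,igb1,match,block,in,6,0x00,0x00000,36,ICMPv6,58,fe80::1c2a:9fff:fe3b:4d5e,ff02::16
5,,,1000000005,igb1,match,block,in,6,0x00,0x00000,32,UDP,17,fe80::a1b2:c3ff:fed4:e5f6,ff02::fb
5,,,1000000005,igb1,match,block,in,6,0x00,0x00000,36,ICMPv6,58,fe80::a1b2:c3ff:fed4:e5f6,ff02::1:ff3b:4d5e
5,,,1000000005,igb1,match,block,in,6,0x00,0x00000,40,TCP,6,2001:db8:1::10,2001:db8:2::20
5,,,1000000005,igb1,match,block,in,6,0x00,0x00000,36,ICMPv6,58,fe80::1,2001:db8:1::1
"""

# Assumed LAN prefix, standing in for "LAN net" in the default pass rule.
LAN_NET = ipaddress.IPv6Network("2001:db8:1::/64")


def multicast_scope(addr) -> int:
    """Return the 4-bit scope field of an IPv6 multicast address (2 = link-local)."""
    return (int(ipaddress.IPv6Address(addr)) >> 112) & 0xF


def is_link_local_multicast(src, dst) -> bool:
    """fe80::/10 source to ff02::/16 destination: traffic that never leaves the link."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    return src.is_link_local and dst.is_multicast and multicast_scope(dst) == 2


def addresses(line: str):
    """Pull the first two IPv6 addresses out of a CSV log line (None if not IPv6)."""
    found = []
    for field in line.split(","):
        try:
            found.append(ipaddress.IPv6Address(field))
        except ValueError:
            continue
        if len(found) == 2:
            return found[0], found[1]
    return None


def summarize(log: str, lan_net: ipaddress.IPv6Network = LAN_NET) -> dict:
    """Count link-local multicast noise versus other blocked IPv6 entries, and how
    many sources fall outside LAN net (those a 'source LAN net' rule cannot match)."""
    counts = Counter()
    for line in log.splitlines():
        pair = addresses(line)
        if pair is None:
            continue
        src, dst = pair
        counts["ll_multicast" if is_link_local_multicast(src, dst) else "other"] += 1
        if src not in lan_net:
            counts["src_outside_lan_net"] += 1
    return dict(counts)
```

Run it against a real export of the firewall log (the src/dst columns are found by parsing, so the exact field positions do not matter) to see what share of the blocked entries is link-local multicast.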
