Hello, I noticed while configuring rules for PF that my machine is sending router solicitations down the vether0 interface, even though I did not enable inet6 on it. If I run ifconfig, there are no entries for inet6. My setup is as follows:
I have re0 (motherboard Ethernet), re1 (Ethernet card with a single port), and re2-re5 (multiport NIC). re0, re2, re3, re4, and re5 are bridged with vether0. re1 is used for egress; all others are for an internal network. PF is set to pass all in and out of re0, re2, re3, re4, and re5. PF is set to default deny. There are no rules set that allow IPv6 to pass. IPv6 is enabled for the loopback device.

Even though vether0 does not have inet6 enabled on it, the system is still sending router solicitations. I get the following in the pflog:

    block out on vether0: fe80::xxxx:xxxx:xxxx:xxxx > ff02::2: icmp6: router solicitation

I replaced the exact LL address with X values, but that address does not appear in ifconfig. I was concerned that this could potentially be a security vulnerability, but I don't have the equipment to test if the solicitation makes it onto the internal network.

Thank you,
Brian
