On 2018/12/16 19:54, Brian Dicks wrote:
> Hello,
>
> I noticed while configuring rules for PF that my machine is sending router
> solicitations down the vether0 interface, even though I did not enable
> inet6 on it. If I run ifconfig, there are no entries for inet6. My setup is
> as follows:
>
> I have re0 (motherboard ethernet), re1 (ethernet card with single port),
> and re2-re5 (multiport nic). re0, re2, re3, re4, and re5 are bridged with
> vether0. re1 is used for egress; all other are for an internal network.
>
> pf is set to pass all in and out of re0, re2, re3, re4, and re5. PF is set
> to default deny. There are no rules that are set that allow IPv6 to pass.
> IPv6 is enabled for the loopback device.
>
> Even though vether0 does not have inet6 enabled on it, the system is still
> sending router solicitations. I get the following in the pflog:
>
> block out on vether0: fe80::xxxx:xxxx:xxxx:xxxx > ff02::2: icmp6: router
> solicitation
>
> I replaced the exact LL address with X values, but that address does not
> appear in ifconfig.
>
> I was concerned that this could potentially be a security vulnerability,
> but I don't have the equipment to test if the solicitation makes it onto
> the internal network.
>
> Thank you,
> Brian

Seems more likely that it's from some other device on one of your bridged ports. Check the MAC address (either decoded from the fe80:: v6 address or run tcpdump -e and check it there) against machines on your network.
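
The decoding step mentioned in the reply, as an added example that is not part of the original message: it recovers the MAC from a modified EUI-64 link-local address and looks it up in a host inventory. The function names, the sample addresses and the inventory are constructed for illustration; an address whose interface identifier is not EUI-64 derived (random or RFC 7217 stable-privacy) carries no MAC, so the function reports that instead of guessing.

```python
import ipaddress

def mac_from_link_local(addr):
    """Return the MAC encoded in a modified EUI-64 link-local address, or None."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any %scope suffix
    if not ip.is_link_local:
        raise ValueError(f"{addr} is not in fe80::/10")
    iid = ip.packed[8:]  # low 64 bits: the interface identifier
    # EUI-64 derived identifiers have ff:fe inserted in the middle of the MAC.
    # Random or stable-privacy identifiers do not encode a MAC at all.
    if iid[3:5] != b"\xff\xfe":
        return None
    # Flip the universal/local bit back and remove the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def find_sender(addr, inventory):
    """Match the decoded MAC against a {mac: hostname} inventory."""
    mac = mac_from_link_local(addr)
    if mac is None:
        return None, "not EUI-64; read the source MAC with tcpdump -e instead"
    return mac, inventory.get(mac, "unknown device")

if __name__ == "__main__":
    # Constructed inventory: lladdr values as collected from hosts on the bridge.
    inventory = {
        "00:11:22:33:44:55": "printer on re3",
        "00:aa:bb:cc:dd:ee": "this router, vether0",
    }
    # Constructed source addresses of the kind seen in a pflog line.
    for src in ("fe80::211:22ff:fe33:4455", "fe80::1c2d:3e4f:5a6b:7c8d"):
        print(src, "->", find_sender(src, inventory))
```
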
