Hey Jim, The addresses in your message are all link-local IPv6 addresses - http://en.wikipedia.org/wiki/Link-local_address#IPv6 Any interface with IPv6 enabled stack on any device on the network will have a link-local address (does not need to have a routable address assigned!) Check the interfaces on your fw and other devices on LAN - the ending bits of the link-local address usually are specific to the MAC address of the device that's using the address, IE fe80::20c:29ff:feca:a0be belongs to a device with MAC ending with ca:a0:be
These are being caught/logged by the default deny rule, so you may want to just add another rule specifically not-logging blocks to/from fe80::/10 I don't believe you can completely disable IPv6 via webUI of pfSense - I know you can do this via /etc/rc.conf on FreeBSD, unsure for pfSense. On Apr 13, 2014, at 6:33 AM, Doug Lytle <[email protected]> wrote: > Jim Thompson wrote: >> pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less >> than a week after pfSense release 2.1.1, and is primarily a security release. > > Okay, > > I've just upgraded from 2.1.1 to 2.1.2, now I notice that my firewall > logs are being spammed with IPV6 ICMP notifications. > > I'm not on an IPV6 network and have all IPV6 options disabled. Snippet > of the logs below: > > > > Apr 13 08:26:46 lo0 Block all IPv6 (@3) > <https://192.168.145.1/diag_dns.php?host=[fe80::20c:29ff:feca:a0be]> > <https://192.168.145.1/easyrule.php?action=block&int=lo0&src=[fe80::20c:29ff:feca:a0be]&ipproto=inet6> > [fe80::20c:29ff:feca:a0be] > <https://192.168.145.1/diag_dns.php?host=[ff02::1]> > <https://192.168.145.1/easyrule.php?action=pass&int=lo0&proto=icmpv6&src=[fe80::20c:29ff:feca:a0be]&dst=[ff02::1]&dstport=&ipproto=inet6> > [ff02::1] ICMPv6 > > > Apr 13 08:26:46 LAN Block all IPv6 (@4) > <https://192.168.145.1/diag_dns.php?host=[fe80::20c:29ff:feca:a0be]> > <https://192.168.145.1/easyrule.php?action=block&int=lan&src=[fe80::20c:29ff:feca:a0be]&ipproto=inet6> > [fe80::20c:29ff:feca:a0be] > <https://192.168.145.1/diag_dns.php?host=[ff02::1]> > <https://192.168.145.1/easyrule.php?action=pass&int=lan&proto=icmpv6&src=[fe80::20c:29ff:feca:a0be]&dst=[ff02::1]&dstport=&ipproto=inet6> > [ff02::1] ICMPv6 > > > Apr 13 08:26:38 lo0 Block all IPv6 (@3) > <https://192.168.145.1/diag_dns.php?host=[fe80::20c:29ff:feca:a0be]> > <https://192.168.145.1/easyrule.php?action=block&int=lo0&src=[fe80::20c:29ff:feca:a0be]&ipproto=inet6>[fe80::20c:29ff:feca:a0be] > <https://192.168.145.1/diag_dns.php?host=[ff02::1]> > <https://192.168.145.1/easyrule.php?action=pass&int=lo0&proto=icmpv6&src=[fe80::20c:29ff:feca:a0be]&dst=[ff02::1]&dstport=&ipproto=inet6> > [ff02::1] ICMPv6 > > > > I've found nothing under the logging options that I can check to disable > these log entries. > > Suggestions? > > As a side note: > > The system is a VM under EXSi 5.10 > The system is connected to 3 interfaces (LAN, WAN, DMZ) > The system is connected to my home cable modem > > Thanks, > > Doug > > -- > Ben Franklin quote: > > "Those who would give up Essential Liberty to purchase a little Temporary > Safety, deserve neither Liberty nor Safety." > > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
