On 15-4-2014 7:41, Chris Buechler wrote: > On Sun, Apr 13, 2014 at 7:33 AM, Doug Lytle <[email protected]> wrote: >> Jim Thompson wrote: >>> pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less >>> than a week after pfSense release 2.1.1, and is primarily a security >>> release. >> >> Okay, >> >> I've just upgraded from 2.1.1 to 2.1.2, now I notice that my firewall >> logs are being spammed with IPV6 ICMP notifications. >> > > The "now I notice" being the key part there. Nothing related to that's > changed. If you don't check "Allow IPv6" under System>Advanced, you > have a block all rule on IPv6 with logging. Things on your LAN will > have link local addresses and spew multicast stuff. Probably want to > configure some block rules for v6 with no logging. > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list >
To be extra clear here, if you check "Allow IPv6", it won't automatically allow IPv6 traffic, it just means you can now create rules for IPv6 traffic instead of the default IPv6 deny all. Also, iirc, when the "Allow IPv6" is checked the default deny rule will log IPv6 as it will IPv4. And if you don't check "Allow IPv6" it will silently drop IPv6 traffic as it did previously. Also, if you've been using the 2.1 snapshots in 2012 and 2013 the config will had that setting enabled, which corresponds with your firewall logs. Maybe you have a upgraded config. 2.1-RELEASE and later do *not* set that on upgrade though, it was primarily for people tracking the snapshots at the time. Kind regards, Seth _______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
