OPNsense Forum
Archive => 15.7 Legacy Series => Topic started by: packet loss on January 15, 2016, 08:51:35 pm
-
I constantly see blocked ipv6 icmp traffic in my firewall logs. It's from the same source and destination all the time. My ISP provides me with an ipv4 ip address. I disabled ipv6 in OPNsense. I would like to know why I'm seeing so much ipv6 icmp blocked traffic specifically from the same source and destination?
(http://i67.tinypic.com/2qtwwhc.jpg)
-
IPv6 is only completely blocked, not removed from the kernel so some facilities like link-local addresses still pop up and try to communicate. Some software services even communicate using IPv6 addresses with their child processes. It's only natural that this shows up on the logs. I think some tweaking can be done in the "System: Settings: Logs/Reports" page WRT logging on/off for standard rules.
What you're seeing there is Router Advertisement in action, the link local IPv6 probes the link-local multicast address for information. The link-local IPv6 is probably from your WAN interface. You can run ifconfig on the command line to confirm this.
-
This is occurring every 5 seconds which is excessive. Is radvd causing this?
-
I don't think radvd is running.. you can confirm by:
# pgrep radvd
It's the kernel probing, maybe it can be disabled via sysctl, but I'd have to read up on this as well.
-
https://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ipv6.html
Section 8.1.1.4.2. may be related.
-
Good information. Thanks for taking the time out of your coding to answer this question.