OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: HenrysCat on August 04, 2021, 08:15:50 am

Title: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 04, 2021, 08:15:50 am
Since updating to 21.7 the firewall log now has IPv6 RFC4890 requirements (ICMP) on every other line.

(https://i.imgrpost.com/imgr/2021/08/04/log.md.png) (https://imgrpost.com/image/gka7s)

Any ideas how to get rid of it?

Thanks all
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 04, 2021, 09:17:24 am
Disable default pass rule logging under System: Settings: Logging.


Cheers,
Franco
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 04, 2021, 09:32:32 am
Actually, looking at the screenshot this is due to the kernel patch to unhide the NAT logging. I'm not entirely sure the system correctly sets the log directive, but hopefully it should.


Cheers,
Franco
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 04, 2021, 10:10:42 am
Already disabled, I think

(https://i.imgrpost.com/imgr/2021/08/04/settings.md.png) (https://imgrpost.com/image/gk5Xz)

:)
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 04, 2021, 10:38:06 am
Ok, looking closer the label is simply wrong as NAT rules don't have labels and it's not even IPv6.

One of your port forward rules has logging enabled, but it didn't log correctly prior to version 21.7.


Cheers,
Franco
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 04, 2021, 10:54:06 am
I see, all my port forward rules have logging enabled.

Thanks
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 05, 2021, 06:59:21 pm
Updated to 21.7.1, now all the blue lines say "rdr rule".
Is there really no way to get this back to how it was on 21.1?
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 06, 2021, 07:56:36 am
Someone reported NAT rules not logging under these conditions. A bug was fixed. NAT logging is adhered to now. I would say no.

Why are you logging the NAT rules? Are you using an associated filter rule?


Cheers,
Franco
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 06, 2021, 09:38:14 am

Quote from: franco on August 06, 2021, 07:56:36 am
"Why are you logging the NAT rules? Are you using an associated filter rule?"


I use GeoIP and want to see who is constantly trying to connect from the unblocked country. These persistent attackers are then added to a custom block list.
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 06, 2021, 09:40:36 am
Ok, if you use an unassociated filter rule you can set logging on the WAN rule and disable logging on the NAT.


Cheers,
Franco
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: HenrysCat on August 06, 2021, 09:47:20 am
Excellent, that works
Thank you  :)
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: cookiemonster on August 06, 2021, 09:57:54 am
Indeed, we wanted to see this additional logging on the NAT because usually there are redirects that lacked observability without it. I'm glad it can be kept.
Title: Re: IPv6 RFC4890 requirements (ICMP) in firewall log
Post by: franco on August 06, 2021, 10:01:07 am
The NAT log is also pre-NAT now as opposed to post-NAT before. I do believe this change is very helpful because before there was too much context missing.


Cheers,
Franco