OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: opnsenuser on March 04, 2019, 10:57:18 AM

Title: DHCPv6 ports open but no service configured
Post by: opnsenuser on March 04, 2019, 10:57:18 AM
Hi everyone,
I'm running the latest release 19.1.2...
In pfinfo, on the Rules tab, I have some rules that have the following comment at the end: "allow access to DHCPv6 on LAN", but there is no DHCPv6 server active. Is this a bug?

greetings
opnsenuser
Title: Re: DHCPv6 ports open but no service configured
Post by: marjohn56 on March 04, 2019, 07:26:28 PM
I would imagine that by default it will always allow access to its own dhcp servers on the LAN, even if you do not have it running.
Title: Re: DHCPv6 ports open but no service configured
Post by: opnsenuser on March 05, 2019, 10:41:36 AM
Hi,

Quote from: marjohn56 on March 04, 2019, 07:26:28 PM
I would imagine that by default it will always allow access to its own dhcp servers on the LAN, even if you do not have it running.

Why is there a need for an open port if no service is running?
Firewall ports should only be open if they are required.

Looking in the GitHub repo for the cause... but so far no findings :(

greetings
opnsenuser
Title: Re: DHCPv6 ports open but no service configured
Post by: marjohn56 on March 05, 2019, 01:23:05 PM
It's on the LAN side so not an issue and nothing is listening there anyway. If you feel strongly about it put a rule in to close it, just don't forget you've put it there if ever you need to run a dhcp server.
Title: Re: DHCPv6 ports open but no service configured
Post by: opnsenuser on March 05, 2019, 06:45:11 PM
Hi,
then the text below the interfaces is wrong: "... Everything that isn't explicitly passed is blocked by default."
That should be valid on every interface, even the LAN. Only if a service on the firewall's interface is active should the required ports be open.
Or am I wrong?

greetings
opnsenuser
Title: Re: DHCPv6 ports open but no service configured
Post by: marjohn56 on March 05, 2019, 06:52:48 PM
If you feel it's an issue then please raise an issue on GitHub.

https://github.com/opnsense/core/issues
Title: Re: DHCPv6 ports open but no service configured
Post by: franco on March 05, 2019, 07:11:35 PM
https://github.com/opnsense/core/issues/1306
Title: Re: DHCPv6 ports open but no service configured
Post by: chemlud on March 05, 2019, 07:45:05 PM
This IPv6 cluster f**k is a REAL pain. How to stop this completely? Same with built-in firewall in opensuse distributions: OOTB there is a port open for IPv6 DHCP, although everything (literally, at 3 different places in the configs) related to IPv6 is DISABLED.

Is this an NSA/GCHQ requirement, to have that in each and every software/device running? I don't want protocols I can't control, with devices assigning themselves half a dozen addresses and spamming the network with broadcasts of all kinds until you kill each and every instance on each and every machine. And 3 updates later the same trash is active OOTB again.

Sorry, but...
Title: Re: DHCPv6 ports open but no service configured
Post by: franco on March 05, 2019, 07:51:23 PM
(:
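
The check this thread argues about (inbound pass rules for ports where nothing is listening), as an added example that is not part of the original posts and not OPNsense code. The rule lines and the listener set are constructed samples in the style of `pfctl -sr` output; only the label text comes from the thread, and the helper name `unused_pass_rules` is hypothetical.

```python
import re

# Constructed sample in the style of `pfctl -sr` output; not captured from a real firewall.
PF_RULES = """\
pass in quick on em0 inet6 proto udp from fe80::/10 to fe80::/10 port = 546 keep state label "allow access to DHCPv6 on LAN"
pass in quick on em0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 on LAN"
pass in quick on em0 inet proto tcp from any to (self) port = 443 flags S/SA keep state label "web GUI"
pass in quick on em0 inet proto udp from any port = 68 to any port = 67 keep state label "DHCPv4"
block drop in log inet6 all label "Default deny rule"
"""

# Constructed listener set, e.g. collected from the firewall's socket list.
# Simplification: address family (inet/inet6) is not distinguished here.
LISTENERS = {("tcp", 443), ("udp", 67)}

# pfctl may print service names instead of numbers; map the ones relevant here.
SERVICE_PORTS = {"dhcpv6-client": 546, "dhcpv6-server": 547}

# Inbound pass rule with a protocol, a *destination* port and a label.
RULE_RE = re.compile(
    r'^pass in\b.*?\bproto (?P<proto>\w+)\b.*?\bto \S+ port = (?P<port>\S+)'
    r'.*?label "(?P<label>[^"]*)"'
)

def unused_pass_rules(rules_text, listeners):
    """Return (proto, port, label) for inbound pass rules with no matching listener."""
    findings = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # block rules, rules without a destination port, etc.
        raw = m["port"]
        if raw in SERVICE_PORTS:
            port = SERVICE_PORTS[raw]
        elif raw.isdigit():
            port = int(raw)
        else:
            continue  # port ranges or unknown service names: out of scope here
        if (m["proto"], port) not in listeners:
            findings.append((m["proto"], port, m["label"]))
    return findings

if __name__ == "__main__":
    for proto, port, label in unused_pass_rules(PF_RULES, LISTENERS):
        print(f"{proto}/{port} is passed but nothing listens: {label!r}")
```
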