Hi,
Hopefully someone can help me here. I am almost at the point of no longer using this firewall. I have a fresh install of OPNsense FW: OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
In the logs I have noticed [::1]:32226 [::1]:53 udp Pass all loopback IPv6.
Till now I have done the following:
- Firewall: Settings: Advanced > Uncheck Allow IPv6
- All interfaces have IPv6 as disabled (except for loopback)
- Manual rule which explicitly blocks IPv6.
Is there anything else I need to do? I have no intention of using any form of IPv6 on my network.
Thanks
Redbull900
Quote from: redbull900 on May 17, 2023, 11:20:38 AM
I have no intention of using any form of IPv6 on my network.
Loopback traffic does not go on your network. Most modern OS already install IPv6 by default and many prefer it. https://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems
Try 'ping loopback' in a Windows command prompt.
Bart...
I appreciate your response, but it appears that my query has not been fully addressed. I would like to reiterate my request for assistance regarding the firewall's usage of IPv6 across all interfaces, particularly after disabling it.
I kindly ask for guidance on how to ensure that the firewall completely ceases the utilization of IPv6. It is crucial for me to disable IPv6 functionality throughout the system to align with my network requirements.
Thank you.
Then you will have to compile your own version of the firewall. You need a kernel without IPv6 support compiled in.
In Linux there is a kernel boot option ipv6.disable=1, dunno what exactly is disabled by this. But is there something comparable in BSD maybe?
I know that there might be packages requiring ipv6 these days, though...
@chemlud As far as I know there is no such tunable in FreeBSD but you have to compile a custom kernel with the "WITHOUT_INET6" parameter set.
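
Added example, not part of any post in this thread: a Python sketch that separates host-internal loopback flows, like the one quoted in the first post, from IPv6 flows that involve a real interface. The column layout (source, destination, protocol, rule label) is assumed from that quoted line, and every sample line except the first is constructed.

```python
import ipaddress
import re

# First line is the entry quoted in the thread; the others are constructed samples.
SAMPLE_LOG = """\
[::1]:32226 [::1]:53 udp Pass all loopback IPv6
[fe80::1c2:3ff:fe04:5]:546 [ff02::1:2]:547 udp Block all IPv6
[2001:db8::10]:51544 [2001:db8::1]:443 tcp Block all IPv6
"""

ENDPOINT = re.compile(r"^\[([0-9A-Fa-f:.]+)\]:(\d+)$")

def scope(addr):
    """Coarse scope of an IPv6 address: loopback never leaves the host."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    return "network"

def classify(line):
    """Parse one log line and decide whether the flow can touch the network."""
    src, dst, proto, label = line.split(None, 3)
    s, d = ENDPOINT.match(src), ENDPOINT.match(dst)
    if not (s and d):
        raise ValueError(f"not an IPv6 [addr]:port pair: {line!r}")
    scopes = (scope(s.group(1)), scope(d.group(1)))
    if scopes == ("loopback", "loopback"):
        verdict = "host-internal"   # e.g. a local process querying a local resolver
    elif "loopback" in scopes:
        verdict = "suspicious"      # ::1 must never appear on a real interface
    else:
        verdict = "on-wire"         # the traffic a "no IPv6" policy is about
    return {"src": scopes[0], "dst": scopes[1], "proto": proto,
            "dport": int(d.group(2)), "label": label, "verdict": verdict}

def triage(text):
    """Classify every non-empty line of a log excerpt."""
    return [classify(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["verdict"], entry["proto"], entry["dport"], entry["label"])
```

Only entries with an "on-wire" or "suspicious" verdict say anything about IPv6 reaching an interface; the quoted `[::1]` entry is a DNS lookup that stays inside the firewall host.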