OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cguilford on October 25, 2018, 08:24:06 pm

Title: IPV6 being blocked?
Post by: cguilford on October 25, 2018, 08:24:06 pm

I'm getting the following in my Firewall Logs...
   lan      Oct 25 14:18:44   [fe80::6c3a:297e:xxxx:xxxx]:51968   [2001:470:1:18::125]:80   TCP   Default deny rule   

My Lan rules are all Defaulted to normal for IPV6
IPv6 *    LAN net    *    *    *    *       Default allow LAN IPv6 to any rule


I'm confused as to why it is blocking IPV6 on the Lan?

I'm running 18.7.6 so freshly upgraded.  I had IPV6 turned off on the Lan before because it would stop working after a few days and would have to always wind up rebooting everything to get it to clear up, I figured I would try it after the upgrade and I'm seeing this, I've rebooted the firewall as well as the box I'm trying to connect to.

Title: Re: IPV6 being blocked?
Post by: franco on October 26, 2018, 07:42:06 am

State tracking drops this traffic because it has not seem the start of the TCP connection. That's where the default rule starts blocking. :)


Cheers,
Franco

Title: Re: IPV6 being blocked?
Post by: cguilford on October 26, 2018, 01:37:03 pm

How do I resolve this issue?  Seem to be getting alot more of these?

lan      Oct 26 07:35:38   [fe80::22df:b9ff:xxxx:xxx]:52910   [2001:4860:4860::6464]:53   UDP   Default deny rule   
   

Title: Re: IPV6 being blocked?
Post by: franco on October 29, 2018, 08:16:20 am

If you see it as a firewall issue instead of a client issue with potential security implications -- the client copes with this anyway -- you can disable state tracking in your default IPv6 pass rules under advanced.


Cheers,
Franco