OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: azdps on January 15, 2016, 08:51:35 pm

Title: question about blocked ipv6 icmp in firewall logs
Post by: azdps on January 15, 2016, 08:51:35 pm
I constantly see blocked ipv6 icmp traffic in my firewall logs. It's from the same source and destination all the time. My ISP provides me with an ipv4 ip address. I disabled ipv6 in OPNsense. I would like to know why I'm seeing so much ipv6 icmp blocked traffic specifically from the same source and destination?


(http://i67.tinypic.com/2qtwwhc.jpg)
Title: Re: question about blocked ipv6 icmp in firewall logs
Post by: franco on January 15, 2016, 09:44:14 pm
IPv6 is only completely blocked, not removed from the kernel so some facilities like link-local addresses still pop up and try to communicate. Some software services even communicate using IPv6 addresses with their child processes. It's only natural that this shows up on the logs. I think some tweaking can be done in the "System: Settings: Logs/Reports" page WRT logging on/off for standard rules.

What you're seeing there is Router Advertisement in action, the link local IPv6 probes the link-local multicast address for information. The link-local IPv6 is probably from your WAN interface. You can run ifconfig on the command line to confirm this.
Title: Re: question about blocked ipv6 icmp in firewall logs
Post by: azdps on January 16, 2016, 06:42:03 am
This is occurring every 5 seconds which is excessive. Is radvd causing this?
Title: Re: question about blocked ipv6 icmp in firewall logs
Post by: franco on January 16, 2016, 10:48:31 am
I don't think radvd is running.. you can confirm by:

# pgrep radvd

It's the kernel probing, maybe it can be disabled via sysctl, but I'd have to read up on this as well.
Title: Re: question about blocked ipv6 icmp in firewall logs
Post by: franco on January 16, 2016, 10:50:23 am
https://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ipv6.html

Section 8.1.1.4.2. may be related.
Title: Re: question about blocked ipv6 icmp in firewall logs
Post by: azdps on January 16, 2016, 03:57:59 pm
Good information. Thanks for taking the time out of your coding to answer this question.