Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items. (Read 401 times)
MknSubnets
Newbie
Posts: 9
Karma: 0
Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.
«
on:
August 24, 2024, 05:59:11 am »
I have been having issue with the firewall having a ton of these items "IPv6 RFC4890 requirements (ICMP)" in the Firewall Live view. I installed Unbound and IDS / IPS recently as well as Ntopng and Redis. I am not 100% sure what is causing it.
Any assistance would be appreciated or do I just ignore it ?
Thanks
Logged
meyergru
Hero Member
Posts: 1694
Karma: 166
IT Aficionado
Re: Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.
«
Reply #1 on:
August 24, 2024, 01:15:58 pm »
You obviously enabled logging of default pass rules under: Firewall: Settings: Advanced -> Logging
Usually, those are not very interesting. You can look at the details of these packets to find which client(s) is/are causing them and what specifically are the requests.
E.g., ICMP does not have to be ping, it can also be neighbour discovery, which is perfectly normal.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
MknSubnets
Newbie
Posts: 9
Karma: 0
Re: Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.
«
Reply #2 on:
August 24, 2024, 10:37:25 pm »
Thanks. I can filter them from the live log view but I cannot eliminate them from the Firewall view in the dashboard. I guess it is what it is. If I disable it .. then my firewall live view shows nothing.
Logged
meyergru
Hero Member
Posts: 1694
Karma: 166
IT Aficionado
Re: Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.
«
Reply #3 on:
August 25, 2024, 07:58:10 am »
Yes, you can and I already told you, where the setting is, see attached picture. And if your firewall log does not show anything else, then either that is a good thing (tm), or you have not enabled logging for "default block" or your specific rules at all or you are behind CG NAT or have double NAT of some kind such that you are not being scanned or you do not see it.
«
Last Edit: August 25, 2024, 08:00:57 am by meyergru
»
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall being swamped by IPv6 RFC4890 requirements (ICMP) items.