DHCPv6 ports open but no service configured

[opnsenuser]

Hi everyone,
I'm running the latest release 19.1.2...
In the pfinfo, Tab: Rules I have some rules that have the following comment @ the end "allow access to DHCPv6 on LAN", but there is no DHCPv6 server active. Is this a Bug??

greetings
opnsenuser

[marjohn56]

I would imagine that by default it will always allow access to its own dhcp servers on the LAN, even if you do not have it running.

[opnsenuser]

Hi,

I would imagine that by default it will always allow access to its own dhcp servers on the LAN, even if you do not have it running.

Why is there a need for open port, if no service is running?
Firewallports should only be open if they are required.

Looking in the github repo for the cause... but so far no findings

greetings
opnsenuser

[marjohn56]

It's on the LAN side so not an issue and nothing is listening there anyway. If you feel strongly about it put a rule in to close it, just don't forget you've put it there if ever you need to run a dhcp server.

[opnsenuser]

Hi,
then the text below the interfaces is wrong "... Everything that isn't explicitly passed is blocked by default."
That should be valid on every interface even the LAN. Only if a service on the firewalls interface is active, the required ports should be open.
Or am I wrong??

greetings
opnsenuser

[marjohn56]

If you feel its an issue then please raise an issue on Github.


https://github.com/opnsense/core/issues

[franco]

https://github.com/opnsense/core/issues/1306

[chemlud]

This IPv6 cluster f**k is a REAL pain. How to stop this completely? Same with built-in firewall in opensuse distributions: OOTB there is a port open for IPv6 DHCP, although everything (literally, at 3 different places in the configs) related to IPv6 is DISABLED.

Is this an NSA/GCHQ requirement, to have that in each and every software/device running? I don't want protocols I can't control with devices assigning themselves half a dozen of addresses and spamming the network with broadcast of all kind until you kill each and every instance on each and every machine. And 3 updates later the same trash is active OOTB again.

Sorry, but...

[franco]

(: