question about blocked ipv6 icmp in firewall logs

[packet loss]

I constantly see blocked ipv6 icmp traffic in my firewall logs. It's from the same source and destination all the time. My ISP provides me with an ipv4 ip address. I disabled ipv6 in OPNsense. I would like to know why I'm seeing so much ipv6 icmp blocked traffic specifically from the same source and destination?

[franco]

IPv6 is only completely blocked, not removed from the kernel so some facilities like link-local addresses still pop up and try to communicate. Some software services even communicate using IPv6 addresses with their child processes. It's only natural that this shows up on the logs. I think some tweaking can be done in the "System: Settings: Logs/Reports" page WRT logging on/off for standard rules.

What you're seeing there is Router Advertisement in action, the link local IPv6 probes the link-local multicast address for information. The link-local IPv6 is probably from your WAN interface. You can run ifconfig on the command line to confirm this.

[packet loss]

This is occurring every 5 seconds which is excessive. Is radvd causing this?

[franco]

I don't think radvd is running.. you can confirm by:

# pgrep radvd

It's the kernel probing, maybe it can be disabled via sysctl, but I'd have to read up on this as well.

[franco]

https://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ipv6.html

Section 8.1.1.4.2. may be related.

[packet loss]

Good information. Thanks for taking the time out of your coding to answer this question.