Bug #3159
closed
inconsistency in IPv6 logging
0%
Description
these are the relevant configuration settings:
Advanced: Networking -> "Allow IPv6" is unchecked
Status: System logs: Settings -> "log packets blocked by the default rule" is checked
the contents of the log include IPv6 traffic
since IPv6 traffic is not allowed, it should be silently dropped on all interfaces
Updated by Chris Buechler over 10 years ago
- Status changed from New to Rejected
it's not inconsistent. If you're logging things blocked by default deny, the IPv6 block logging is enabled too. If you're not, it's not.
Updated by winston smith over 10 years ago
Chris Buechler wrote:
it's not inconsistent. If you're logging things blocked by default deny, the IPv6 block logging is enabled too. If you're not, it's not.
if "allow ipv6" is false, then there shouldn't be ipv6 events raised.
at a minimum, relocate the "block all ipv6" rule to the end so that a user defined drop all ipv6 silently rule can be created to supercede the system one.
Updated by Chris Buechler over 10 years ago
No, default deny rules should be consistent in their logging. They are. What you're proposing is the opposite of consistent. There are ways to accommodate what you want by configuring accordingly, what's there now is consistent, proper behavior.