Bug #3159
closed
inconsistency in IPv6 logging
Added by winston smith over 10 years ago.
Updated almost 9 years ago.
Affected Architecture:
i386
Description
these are the relevant configuration settings:
Advanced: Networking -> "Allow IPv6" is unchecked
Status: System logs: Settings -> "log packets blocked by the default rule" is checked
the contents of the log include IPv6 traffic
since IPv6 traffic is not allowed, it should be silently dropped on all interfaces
- Status changed from New to Rejected
it's not inconsistent. If you're logging things blocked by default deny, the IPv6 block logging is enabled too. If you're not, it's not.
Chris Buechler wrote:
it's not inconsistent. If you're logging things blocked by default deny, the IPv6 block logging is enabled too. If you're not, it's not.
if "allow ipv6" is false, then there shouldn't be ipv6 events raised.
at a minimum, relocate the "block all ipv6" rule to the end so that a user defined drop all ipv6 silently rule can be created to supercede the system one.
No, default deny rules should be consistent in their logging. They are. What you're proposing is the opposite of consistent. There are ways to accommodate what you want by configuring accordingly, what's there now is consistent, proper behavior.
- Target version deleted (
2.1)
Also available in: Atom
PDF