# pf and ipv6



## hamba (May 14, 2009)

Hi

I have some blocked packets from ipv6 in my pf routers and was hoping someone can help.

What I'm seeing is this

```
2009-05-14 09:39:16.996168 rule 2/0(match): block in on nfe0: 10.100.100.193 > ***.***.***.***: fe80::5efe:a01:ac1 > fe80::5efe:4e81:e260: ICMP6, router solicitation, length 8
2009-05-14 09:39:20.575628 rule 2/0(match): block in on nfe0: 10.100.100.188 > ***.***.***.***: fe80::5efe:a01:abc > fe80::5efe:4e81:e260: ICMP6, router solicitation, length 8
2009-05-14 09:39:20.996443 rule 2/0(match): block in on nfe0: 10.100.100.193 > ***.***.***.***: fe80::5efe:a01:ac1 > fe80::5efe:4e81:e260: ICMP6, router solicitation, length 8
2009-05-14 09:39:23.996698 rule 2/0(match): block in on nfe0: 10.100.100.193 > ***.***.***.***: fe80::5efe:a01:ac1 > fe80::200:5efe:4e81:e260: ICMP6, router solicitation, length 8
```

***.***.***.*** = an ipv4 address on the internet.
I've allowed all ipv6 traffic in pf on nfe0(internal interface) but I still get them in my logs.

My first few rules are

```
block return-rst quick proto tcp all flags /S
block return-rst quick proto tcp all flags A/A
block drop log all
block return-rst log inet proto tcp all
block return-icmp(port-unr) log inet proto udp all
```

From what I see they are all coming from some of the MS Win Vista computers.

Any help in getting these out of my logs would be appreciated.

Thanks
hamba


----------



## SirDice (May 14, 2009)

fe80:: addresses are link-local addresses. As you suspect Vista machines this might be due to teredo, which is a IPv6 over IPv4 protocol and is enabled by default. With teredo IPv6 is able to traverse an IPv4 NAT, which is probably what you are seeing.


----------

