Prevent IPv6 Router Solicitation packets (Type 133) from being dropped

I am seeing log entries such as the following, which appear at regular 4-second intervals:

    Jan 22 19:31:00 tara kernel: OUT-global:IN= OUT=enp3s0f2 SRC=fe80:0000:0000:0000:56e4:c37c:30cc:668f DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=158870 PROTO=ICMPv6 TYPE=133 CODE=0
    Jan 22 19:31:04 tara kernel: OUT-global:IN= OUT=enp3s0f2 SRC=fe80:0000:0000:0000:56e4:c37c:30cc:668f DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=158870 PROTO=ICMPv6 TYPE=133 CODE=0
    Jan 22 19:31:08 tara kernel: OUT-global:IN= OUT=enp3s0f2 SRC=fe80:0000:0000:0000:56e4:c37c:30cc:668f DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=158870 PROTO=ICMPv6 TYPE=133 CODE=0
    Jan 22 19:31:12 tara kernel: OUT-global:IN= OUT=enp3s0f2 SRC=fe80:0000:0000:0000:56e4:c37c:30cc:668f DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=158870 PROTO=ICMPv6 TYPE=133 CODE=0

RFC 4890 (Recommendations for Filtering ICMPv6 Messages in Firewalls) lists Router Solicitation (Type 133) in Section 4.4.1, Traffic That Must Not Be Dropped.

But it seems that my configuration is in fact dropping them.

My iptables rules are generated by firehol, configured as follows:

    version 6

    # ssh on port 5090 (ssh is a built-in service name)
    server_ssh_hidden_ports="tcp/5090"
    client_ssh_hidden_ports="default"

    # mosh
    server_mosh_ports="udp/60001:60020"  # Mosh uses 60001 to 60999 counting up
    client_mosh_ports="default"

    # NoMachine (nxserver is a built-in, but seemingly on incorrect ports)
    server_nomachine_ports="tcp/4000"
    client_nomachine_ports="default"

    # Deluge
    server_deluge_ports="tcp/8112"
    client_deluge_ports="default"

    # Zerotier-one
    interface zt0 zerotier
        policy reject  # be nicer than default "drop" on internal network
        protection strong
        server "ssh_hidden mosh" accept with limit 8/min 10  # rate/period [burst]
        server "nomachine deluge" accept with limit 8/min 10  # rate/period [burst]
        #server "ssh_hidden nomachine" accept with recent recent-zerotier 30 6  # name, seconds, attempts per period
        client all accept

    # All interfaces - look at fallthrough if putting this non-last as it didn't work without it
    interface any global
        protection strong
        server ssh_hidden accept with limit 8/min 10
        client all accept

How do I get rid of these noisy log messages?

As mentioned in FireHOL IPv6 Setup, add the following at the top of your firehol.conf:

    ipv6 interface any v6interop proto icmpv6
        client ipv6neigh accept
        server ipv6neigh accept
        client ipv6mld accept
        client ipv6router accept
        policy return