[SOLVED] pve-firewall log

nodea

New Member
Jun 17, 2024
4
0
1
Hi
is there anyway to disable ipv6 logging on a LXC firewall (unprivileged container)? The container doesn't have ipv6 enabled and it begins log flooding.
 
What kind of logging do you have activated? Is it for a specific rule or generic in / out logging?
 
I've enabled a "drop all" with logging as last rule rules on every stage. I don't use ipv6 at all an still getting ipv6 multicast, unpnp, etc. entries in log. All ipv4 'default' rules are covered.

cat /etc/pve/firewall/cluster.fw
Code:
[...]
IN DROP -log warning

cat /etc/pve/nodes/pve/host.fw
Code:
[...]
IN DROP -log warning

cat /etc/pve/firewall/140.fw
Code:
[...]
IN DROP -log warning
 
Last edited:
You might be able to circumvent that by using 0.0.0.0/0 as source or destination address in the logging rule, then it should only match IPv4 traffic.
 
  • Like
Reactions: nodea