OPNsense Forum
English Forums => General Discussion => Topic started by: lxsq on March 24, 2020, 09:16:23 am
-
Hi,
I'm trying to allow TCP/UDP requests from IPv6 WAN, but the maximum prefix is 32 :'(. And I'm not able to use formats like ::xxxx/64 nor ::xxxx/::ffff; it results in "The following input errors were detected: ::xxxx/64 is not a valid destination IP address or alias." Any ways to solve this? Thanks for any kind of help.
-
I stumbled over that myself, it seems to be a feature, but then I first thought it to be a bug, so it might be a typical way of interpretation.
The dropdown adds the masks above 32 the moment you leave the IP address for the first time AND when you have entered a valid v6 address.
Although that might be a recent change in 20.1.3. Up until 20.1.2 I thought I brute forced the showing up of numbers 32+ by appending the mask directly in the IP address field like /64 and hitting save. This produces an error first, but then I was always able to select numbers above 32 in the dropdown. Of course you have to delete the /64 in the address field itself to be able to save it, but that always worked for me.
Give it a try.
Edit: If you meant a way to put the SLAAC (static) part of dynamic addresses in there, then sorry, as I haven't figured out how to do that myself yet. Still new to OPNsense.
-
Prefix lengths beyond /32 become available in the drop down when you enter a valid IPv6 address. This is by design and true for most parts of the OPNsense UI (not just firewall rules).
If you're trying to wildcard the prefix: That's not currently supported. Firewall rules matching individual internal hosts / subnets are only possible with a static prefix.
Cheers
Maurice
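Added example (not from any poster in this thread and not OPNsense code): a small Python sketch of why a prefix-length rule cannot express the ::xxxx/::ffff style match asked about above, and why a rule pinned to a static prefix stops matching once the delegated prefix changes. The addresses are constructed from the 2001:db8::/32 documentation range and the function names are hypothetical; it does not model how OPNsense or pf evaluate rules.

```python
import ipaddress

def cidr_match(addr: str, network: str) -> bool:
    """Prefix (CIDR) match: only the leftmost N bits are compared."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(network)

def suffix_match(addr: str, suffix: str, mask: str) -> bool:
    """Arbitrary-mask match (the ::xxxx/::ffff idea): compare only masked bits."""
    a = int(ipaddress.IPv6Address(addr))
    s = int(ipaddress.IPv6Address(suffix))
    m = int(ipaddress.IPv6Address(mask))
    return (a & m) == (s & m)

def slash64_of_suffix(suffix: str) -> str:
    """What '<suffix>/64' denotes as a network: the top 64 bits, which are zero."""
    return str(ipaddress.IPv6Network(suffix + "/64", strict=False))

# Constructed sample data (documentation prefix, made-up interface identifier).
HOST_ID = "::1234:5678:9abc:def0"                  # static lower 64 bits of the host
IID_MASK = "::ffff:ffff:ffff:ffff"                 # selects only the lower 64 bits
OLD_ADDR = "2001:db8:aaaa:1:1234:5678:9abc:def0"   # host under the old delegated prefix
NEW_ADDR = "2001:db8:bbbb:1:1234:5678:9abc:def0"   # same host after a prefix change
STATIC_RULE = OLD_ADDR + "/128"                    # rule written with a static prefix
STATIC_SUBNET = "2001:db8:aaaa:1::/64"             # subnet rule with a static prefix

def evaluate() -> dict:
    return {
        "host_rule_old_prefix": cidr_match(OLD_ADDR, STATIC_RULE),
        "host_rule_new_prefix": cidr_match(NEW_ADDR, STATIC_RULE),
        "subnet_rule_new_prefix": cidr_match(NEW_ADDR, STATIC_SUBNET),
        "suffix_mask_old_prefix": suffix_match(OLD_ADDR, HOST_ID, IID_MASK),
        "suffix_mask_new_prefix": suffix_match(NEW_ADDR, HOST_ID, IID_MASK),
        "suffix_slash_64_means": slash64_of_suffix(HOST_ID),
    }

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:26} {value}")
```

With a dynamic prefix, the static-prefix rules need to be reviewed after every prefix change, since an allow rule that no longer matches fails silently.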
-
It works exactly as you say on OPNsense 20.1.3-amd64 👍. Thanks a lot :)
-
Got it :), thanks a lot for replying.