Firewall Rule to Match /64 Routed Subnet With Dynamic Prefix
« on: August 13, 2023, 03:11:05 am »
OPNsense gets a /60 dynamic prefix from the ISP and delegates a /61 to a downstream L3 switch. Appropriate routes are created for the /61. The switch uses one /64 subnet per VLAN from the /61. How do I create a LAN interface firewall rule that matches an entire /64 source subnet with a dynamic prefix?
I want to create separate rules for each source subnet below.
::0:0:0:0:0/64
to
::7:0:0:0:0/64
The rule should ignore the last 64 bits, and merge the first 64 bits with the /60 dynamic prefix to match the specified subnet.
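The matching semantics asked for above, worked through as an added example (not part of the original post and not OPNsense code): the template's last 64 bits are ignored and its subnet ID bits are merged with whatever /60 is currently delegated. The function names are hypothetical, and both /60 prefixes are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Constructed sample prefixes (documentation range), standing in for the
# ISP-delegated /60 before and after a prefix change.
OLD_PD = "2001:db8:0:a0::/60"
NEW_PD = "2001:db8:5:30::/60"


def merge_subnet(delegated: str, template: str) -> ipaddress.IPv6Network:
    """Merge a delegated prefix with a suffix template like '::7:0:0:0:0/64'."""
    pd = ipaddress.IPv6Network(delegated)
    # strict=False drops any bits past the template's mask (the last 64 bits).
    tmpl = ipaddress.IPv6Network(template, strict=False)
    if tmpl.prefixlen < pd.prefixlen:
        raise ValueError("template is shorter than the delegated prefix")
    # The template may only set bits between the two prefix lengths (the
    # subnet ID); anything higher would overwrite the ISP-assigned bits.
    if int(tmpl.network_address) >> (128 - pd.prefixlen):
        raise ValueError("template overlaps the delegated prefix bits")
    merged = int(pd.network_address) | int(tmpl.network_address)
    return ipaddress.IPv6Network((merged, tmpl.prefixlen))


def source_matches(src: str, delegated: str, template: str) -> bool:
    """True if src falls in the /64 selected by template under this prefix."""
    return ipaddress.IPv6Address(src) in merge_subnet(delegated, template)


def per_vlan_subnets(delegated: str) -> dict:
    """The eight /64s (subnet IDs 0 to 7) of the /61 handed to the switch."""
    return {i: merge_subnet(delegated, f"::{i:x}:0:0:0:0/64") for i in range(8)}


if __name__ == "__main__":
    for pd in (OLD_PD, NEW_PD):
        print(pd)
        for subnet_id, net in per_vlan_subnets(pd).items():
            print(f"  ::{subnet_id:x}:0:0:0:0/64 -> {net}")
```

The same template resolves to a different concrete /64 each time the delegated prefix changes, so a rule built this way has to be re-evaluated on every prefix renewal.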