Print Page - Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?

Title: Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?
Post by: Com_DAC on February 12, 2023, 02:16:52 PM

So I've currently got a bunch of rules that are setup between vlans and I've got two rules one for IPv4 and one for IPv6 and other than the TCP version they are the same. Is there any drawbacks to setting them up as a single IPv4+IPv6 rule?

Also if I've got an alias for networks that contains both IPv4 and IPv6 networks will the rule properly know how to apply that with the version combined?

My guess is yes but just wanted to confirm as the default configuration on the LAN connection is two separate rules.

Thank you,

Title: Re: Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?
Post by: franco on February 13, 2023, 08:14:19 AM

The rule engine does create split IPv4/IPv6 rules for pf.conf to avoid confusing it. The workflow on your end doesn't matter because of this.

Cheers,
Franco

OPNsense Forum

English Forums => General Discussion => Topic started by: Com_DAC on February 12, 2023, 02:16:52 PM