I got dual-stack in my home network after some drama and everything works fine and IPv6 took over IPv4 everywhere, great.
My firewall rules however are void now because of IPv6.
Things like my robot vacuum, my office printer, my wireless router running OpenWRT, all had no access to the internet whatsoever.
Well, they were IPv4 rules, and because of the SLAAC IPv6 from the ISP, those rules are all voided now.
What options do I have??
It makes no sense to either set up DHCPv6 or, even worse, disable IPv6.
I am planning on upgrading my home network from 1G to 10G coz of my DIY NAS and all the Proxmox stuff, is VLAN my only real option left??
Thank you
Separating clients of different trust levels into different networks, e.g. via VLANs, is common best practice, yes.
Quote from: Patrick M. Hausen on Today at 08:36:05 AM
Separating clients of different trust levels into different networks, e.g. via VLANs, is common best practice, yes.
Hmm so I am gonna have to speed things up. It has been hard to find managed network switches that do not have locked SFP.
I am a novice in advanced networking and I assumed that I could set up two subnets from 10.19.0.0/16, but that is not how things work.
It could also in theory have VLANs set on OPNsense without a managed network switch, although it may be possible it is not the best practice.
So reading between the lines, I cannot force OPNsense to solve my problem on its own and do things the right way.
Thanks a lot Patrick
Well, there is the "Dynamic IPv6 Host" type in Firewall: Aliases that you can use to identify devices based on their MAC address regardless of which (changing) IPv6 address they use. Does not help with e.g. modern phones that even obfuscate their MAC address, though.