Hi everyone,
I have a question regarding the IDS configuration in OPNsense when using IPv6 with dynamic prefix delegation from the ISP.
Under:
Services → Intrusion Detection → Administration
there is the setting:
Home networks
Current default value:
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
The hint says:
"Networks to interpret as local"
For IPv4 this is straightforward, but I am unsure how this should properly be configured for IPv6 when the ISP delegated prefix changes dynamically.
Example:
LAN currently receives a delegated /64
Prefix may change after reconnect/reboot
Questions:
Should the current delegated IPv6 LAN subnet be manually added here?
Is there a recommended way to handle dynamic IPv6 prefixes?
Can interface macros/variables like $LAN_NET be used in this field?
What is the recommended best practice for IDS Home Networks with IPv6 PD?
I would appreciate clarification on the intended/recommended configuration.
Thanks!