OPNsense Forum

English Forums => General Discussion => Topic started by: Perun on September 25, 2018, 08:46:48 am

Title: ipv6 fw rule with dynamic prefix
Post by: Perun on September 25, 2018, 08:46:48 am

Hi

how can I set a ipv6 firewall rule with a dynamic prefix?

Greetz

Title: Re: ipv6 fw rule with dynamic prefix
Post by: bartjsmit on September 25, 2018, 10:17:13 am

You can't. Either run a HE tunnel https://tunnelbroker.net/ or change to an ISP that is not stuck in the dark ages.

Bart...

Title: Re: ipv6 fw rule with dynamic prefix
Post by: franco on September 27, 2018, 12:58:41 pm

This is on my long-term TODO list. Martin added a prefix merge feature for DHCPv6 / RADVD, but moving this into the firewall is trickier than just merging the prefixes on a flat config file rewrite.


Cheers,
Franco

Title: Re: ipv6 fw rule with dynamic prefix
Post by: torso70 on September 08, 2020, 08:38:12 am

In release 20.7.2. there is a new alias type based on MAC addresses. You could define rules based on MAC address for the hosts with dynamically assigned IPv6 prefixes.

Title: Re: ipv6 fw rule with dynamic prefix
Post by: franco on September 08, 2020, 09:39:35 pm

I had to take a closer look, but yes, MAC alias resolves arp and ndp output so both IPv4 and IPv6 are supported.


Cheers,
Franco