Messages

Prefix lengths beyond /32 become available in the drop down when you enter a valid IPv6 address. This is by design and true for most parts of the OPNsense UI (not just firewall rules).

If you're trying to wildcard the prefix: That's not currently supported. Firewall rules matching individual internal hosts / subnets are only possible with a static prefix.

Cheers

Maurice

Got it :), thanks a lot for replying.

I stumbled over that myself, it seems to be a feature, but then I first though it to be a bug, so it might be a typical way of interpretation.

The dropdown adds the masks above 32 the moment you leave the ip address for the first time AND when you have entered a valid v6 address.

Although that might be a recent change in 20.1.3. Up until 20.1.2 I thought I brute forced the showing up of numbers 32+ my appending the mask directly in the ip address filed like /64 and hitting save. This produces an error first, but then I was always able to select numbers above 32 in the dropdown. Of course you have to delete the /64 in the address field itself to be able to save it, but that always worked for me.

Give it a try.

Edit: If you ment a way to put the slaac (static) part of dynamic addresses in there, then sorry, as I havent figured out how to do that myself yet. Still new to opnsense.

It works exactly as you say on OPNsense 20.1.3-amd64 👍. Thanks a lot :)

防火墙设置匹配目的IP前缀只有0~32。请问如果想匹配IPv6地址应该怎么办？可以和iptables一样用::xxxx:xxxx/::ffff:ffff吗，我在网页上这么做会报错不能保存。

3.24>已解决，https://forum.opnsense.org/index.php?topic=16433.0

Hi,
I'm trying to allow TCP/UDP requests from IPv6 WAN, but the maxium prefix is 32 :'(. And I'm not able to use formats like ::xxxx/64 nor ::xxxx/::ffff, it results as The following input errors were detected: ::xxxx/64 is not a valid destination IP address or alias.. Any ways to solve this? Thanks for any kinds of help.