Messages

1

24.1 Legacy Series / Re: Dynamic IPv6 prefixes / dynamic DNS / VPN: Handling via NPTv6?

« on: September 12, 2024, 08:49:07 am »

I use 64:ff9b::/96 instead of a ULA. It's meant for NAT64 so there will be no conflict on the Internet. Most operating systems treat it as a GUA and prefer it over IPv4, unlike a ULA.

2

General Discussion / Firewall Rule to Match /64 Routed Subnet With Dynamic Prefix

« on: August 13, 2023, 03:11:05 am »

OPNsense gets a /60 dynamic prefix from the ISP and delegates a /61 to a downstream L3 switch. Appropriate routes are created for the /61. The switch uses one /64 subnet per VLAN from the /61. How do I create a LAN interface firewall rule that matches an entire /64 source subnet with a dynamic prefix?

I want to create separate rules for each source subnet below.
::0:0:0:0:0/64
to
::7:0:0:0:0/64

The rule should ignore the last 64 bits, and merge the first 64 bits with the /60 dynamic prefix to match the specified subnet.