Messages

No one ever responded, and my experimentations with OPNSense myself never yielded acceptable results.

I switched back to PFSense and managed to get 98% of what I'm after.  My only problem there and probably would be a problem here as well, is there is no firewall rule to block ARPs.  So I still get arp requests and replies flooding across the bridge, as well as other  non IP protocols but it will do for my needs.

Here's what finally fixed my WEBui access from the WAN

Firewall / Settings / Advanced  -  Disable anti-lockout = Checked

I already had  - Disable administration anti-lockout rule = Checked

At work, we have products that help analyze networks.

We've supported IPv6 for years, but only in conjunction with IPv4 as well.  Recently we've been getting requests to support pure IPv6 networks with no IPv4 present at all.  Companies like Banks, Insurance, Google, Facebook, etc.  So we probably can't just tell them to go away, or it's a bad idea.

Our problem is that setting up pure IPv6 networks is HARD.  Most of our developers are remote like me.  I was able to setup pure IPv6 using PFSense and splitting the IPv4 NAT to one interface and the IPV6 to another but it's problematic since I no longer have a combined IPv4/IPv6 environment.

MY QUESTION:

Can I take an old laptop, desktop, or cheap x86 box, and using OPNSense, create a transparent bridge that strips off any/all IPv4 packets, but passes IPv6 (unicast and multicast) to create a seemingly pure IPv6 network?

This could give me the best of both worlds, plug into my normal lan for a combined 4/6 net, or plug into the lan port of the OPNSense to get a pure IPv6 net.

I kind of tried it with PFSense, but a few years ago they began blocking all broadcast packets between bridged networks, or at least that was the explanation I was given without any reasons why.  I'm hoping OPNSense hasn't done the same thing.