Messages

I understand that we can create a network group holding all vlan networks to prohibit inter vlan routing when internet access is to be defined. but thats fiddly.
I want to be precise and substainable and so the prefix himself is the best.

Nevertheless Iam okay with the network group of interfaces.
Thanks.

[::cafe:cafe:cafe:cafe]

Hi,

I have a opnsense behind a fritzbox which sucessfully delegates a /60 prefix to it.
The problem begins with if i try to create a firewall alias for that prefix.

For the lan adress Ive create a dynamic ipv6 host with a content like  ::cafe:cafe:cafe:cafe 
Now the alias contains the complete address and will be refreshed hopefully if the prefix changes.

What I need further is the prefix address without the /64 host-id. I would write this
like  ::cafe:cafe:cafe:cafe/60 

The result should be the prefix without host-id and the given netmask.

Now the standard firewall internet access rule could be expressed with
  - src=<network> dst= not <prefix>

Is there a chance to get this implemented?