Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?

Com_DAC · February 12, 2023, 02:16:52 PM

So I've currently got a bunch of rules that are setup between vlans and I've got two rules one for IPv4 and one for IPv6 and other than the TCP version they are the same. Is there any drawbacks to setting them up as a single IPv4+IPv6 rule?

Also if I've got an alias for networks that contains both IPv4 and IPv6 networks will the rule properly know how to apply that with the version combined?

My guess is yes but just wanted to confirm as the default configuration on the LAN connection is two separate rules.

Thank you,

franco · February 13, 2023, 08:14:19 AM

The rule engine does create split IPv4/IPv6 rules for pf.conf to avoid confusing it. The workflow on your end doesn't matter because of this.

Cheers,
Franco

Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?

Com_DAC

February 12, 2023, 02:16:52 PM Last Edit: February 12, 2023, 08:41:41 PM by Com_DAC

franco

February 13, 2023, 08:14:19 AM #1