Allowing ICMPv6

Started by rabi, May 19, 2022, 05:19:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 19, 2022, 05:19:10 PM
Hello,

I have Created a firewall network alias for my ipv6 prefix and created a rule on the WAN interface, passed ipv6 icmp echo request, source any, dest the Alias of my prefix, and its working fine but whenever my prefix change I have to update the alias manually.

How to set the alias to be adjusted to the new prefix automatically?

https://www.reddit.com/r/OPNsenseFirewall/comments/hnu8b5/allowing_icmpv6/
May 20, 2022, 09:57:17 PM #1
Thanks for "IsaacFL" on Reddit helped me solve this:


"First, go to Settings, Interfaces and make sure that "IPv6 DHCP" has "Prevent release" checked.

It shouldn't get a new prefix each reboot.

Secondly:

Go to Firewall, Groups, and create an Interface Group with all of your local Interfaces included. I called mine, "IG_LOCAL"

Now on your WAN Interface create the same ICMPv6 rule as above, but now your destination is "IG_Local net"

Basically, the Group acts as an Alias for all of the local Prefixes this way."
May 21, 2022, 02:00:30 AM #2
Or you can use a firewall alias of type "Dynamic IPv6 host" as destination.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
May 21, 2022, 01:13:02 PM #3
Quote from: meyergru on May 21, 2022, 02:00:30 AM
Or you can use a firewall alias of type "Dynamic IPv6 host" as destination.

yes, this also works, but if you have multi-local interfaces the groups are easier to manage.

** if someone wondering what to fill the content within the "Dynamic IPv6 host" alias, just keep it empty and interface select your lan.
Print
Go Up Pages1
User actions