Topic: Firewall Rule to Match /64 Routed Subnet With Dynamic Prefix (Read 853 times)
Monstieur
« on: August 13, 2023, 03:11:05 am »
OPNsense gets a /60 dynamic prefix from the ISP and delegates a /61 to a downstream L3 switch. Appropriate routes are created for the /61. The switch uses one /64 subnet per VLAN from the /61. How do I create a LAN interface firewall rule that matches an entire /64 source subnet with a dynamic prefix?
I want to create separate rules for each source subnet below.
::0:0:0:0:0/64
to
::7:0:0:0:0/64
The rule should ignore the last 64 bits, and merge the first 64 bits with the /60 dynamic prefix to match the specified subnet.
« Last Edit: August 13, 2023, 06:09:32 am by Monstieur »
Maurice
« Reply #1 on: August 13, 2023, 01:23:45 pm »
Unfortunately, you can't. Firewall aliases for dynamic IPv6 were debated in depth years ago. As far as I remember, it was decided to implement the (then new) "Dynamic IPv6 Host" alias type first and then maybe later add an alias type for dynamic IPv6 subnets. As far as I'm aware, this hasn't happened yet.
Cheers
Maurice
https://github.com/opnsense/core/issues/2544
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
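The prefix merge described in the question, as an added example that is not part of the thread and does not use any OPNsense feature: it computes the concrete /64 for a subnet ID under whatever prefix is currently delegated, so the rule sources can be regenerated when the prefix changes. The function names are hypothetical, the `2001:db8::` prefixes are constructed documentation values, and subnet IDs 0 to 7 are assumed to sit in the lower half of the /60, as the question's range implies.

```python
import ipaddress


def routed_subnet(delegated: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Merge a subnet ID with the currently delegated prefix into one /64."""
    # strict=False tolerates a prefix written with host bits set.
    prefix = ipaddress.IPv6Network(delegated, strict=False)
    if prefix.prefixlen > 64:
        raise ValueError("delegated prefix must be /64 or shorter")
    id_bits = 64 - prefix.prefixlen  # 4 bits of subnet ID for a /60
    if not 0 <= subnet_id < (1 << id_bits):
        raise ValueError(f"subnet ID {subnet_id} does not fit in {id_bits} bits")
    # The subnet ID occupies the bits directly above the 64-bit interface ID.
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def source_matches(src: str, delegated: str, subnet_id: int) -> bool:
    """True if src is inside the selected /64; the low 64 bits are ignored."""
    return ipaddress.IPv6Address(src) in routed_subnet(delegated, subnet_id)


def rule_sources(delegated: str, first_id: int, last_id: int) -> dict:
    """Concrete source network per subnet ID for the current prefix."""
    return {i: str(routed_subnet(delegated, i))
            for i in range(first_id, last_id + 1)}


if __name__ == "__main__":
    # Constructed sample: the same eight subnet IDs before and after a
    # prefix change. Only the dynamic upper bits differ.
    for pd in ("2001:db8:1234:5670::/60", "2001:db8:abcd:ef40::/60"):
        print(pd)
        for subnet_id, net in rule_sources(pd, 0, 7).items():
            print(f"  subnet {subnet_id}: {net}")
```
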