<interface>:network contains only 1 net on dual stack interface

ajr · September 18, 2024, 05:37:22 PM

Some nets have both an IP4 and an IP6 address.
Looking at the rule set with pfctl shows only 1 net.

E.g.
pass in quick on vlan010 inet from (vlan010:network:1) to (vlan011:network:1)

What could be the reason?
Both addresses are static.

IP6 addresses come from a openvpn tunnel, which may be not yet established wenn pf starts.
Other addresses come via DHCP6.

Should I use aliases instead of <if>:network ?

franco · September 18, 2024, 08:12:05 PM

Because ":1" selects the first address only.

Cheers,
Franco

ajr · September 18, 2024, 10:33:13 PM

I see:
the GUI "<interface> net" rule is split by pf into 2 rules, one for IP4 and one for IP6:
pass in quick on vlan010 inet from (vlan010:network:1) to (vlan011:network:1) flags
pass in quick on vlan010 inet6 from (vlan010:network:1) to (vlan011:network:1) flags
Each of them relates to only 1 net.

Thanks, Franco.
Ajr

<interface>:network contains only 1 net on dual stack interface

ajr

September 18, 2024, 05:37:22 PM

franco

September 18, 2024, 08:12:05 PM #1

ajr

September 18, 2024, 10:33:13 PM #2