Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
How to handle VLAN isolation for IPv6?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to handle VLAN isolation for IPv6? (Read 2052 times)
Blatancy2409
Newbie
Posts: 14
Karma: 0
How to handle VLAN isolation for IPv6?
«
on:
October 10, 2022, 06:05:52 am »
I have two VLANs, one for trusted devices (VLAN1) and one for my IoT stuff that I don't trust entirely (VLAN2). My IPv4 rules always have been allowing all traffic from VLAN1 to VLAN2 and allowing certain VLAN2 udp traffic to VLAN1.
Now my provider finally got me an IPv6 prefix. I set up IPv6 for my VLAN1 via WAN interface tracking. I also added a broad firewall rule allowing all outbound IPv6 connections on VLAN1. So far so good, I can access the IPv6 internet from VLAN1.
However, there are obvious problems with this setup:
1. Opnsense box itself receives an IPv6 address. Now it's wide open from VLAN1. How do I restrict it? In the IPv4 world, I can restrict RFC1918 and therefore limit access to internal devices. I cannot just block the current opnsense address because the provider may change the prefix at a later time.
2. The same problem I have for my VLAN2. How do I tell opnsense to block traffic from VLAN2 to VLAN1 if both have global IPv6 addresses and the prefix can be changed?
Logged
tiermutter
Hero Member
Posts: 1099
Karma: 61
Re: How to handle VLAN isolation for IPv6?
«
Reply #1 on:
October 10, 2022, 06:38:11 am »
You can use "This Firewall" in your rules, which will contain all v4 and/or v6 addresses of the sense itself, v6 prefix changes are taken into account.
Logged
i am not an expert... just trying to help...
Patrick M. Hausen
Hero Member
Posts: 6841
Karma: 574
Re: How to handle VLAN isolation for IPv6?
«
Reply #2 on:
October 10, 2022, 09:42:46 am »
https://forum.opnsense.org/index.php?topic=28447.msg138309#msg138309
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Blatancy2409
Newbie
Posts: 14
Karma: 0
Re: How to handle VLAN isolation for IPv6?
«
Reply #3 on:
October 10, 2022, 06:08:28 pm »
Interesting idea cross-blocking ipv6 between the vlans, thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
How to handle VLAN isolation for IPv6?