Feature #2466
Allow single firewall rules to apply to both IPv4 and IPv6 simultaneously
| Status: | Resolved | Start date: | 05/31/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Seth Mos |
% Done: | 0% |
|
| Category: | Rules/NAT | |||
| Target version: | 2.1 | |||
| Affected version: | 2.1 | Affected Architecture: |
Description
I've added code that allows for setting a firewall rule to IPv4+IPv6
Limitations:
- only allows tcp/udp and icmp
- no icmp types
- no gateways or groups
Considering locking it down further to just rules with aliases.
Current issue is that when one selects WAN address, it just adds the v4 WAN address. Not both. Might need more logic in filter.inc
Associated revisions
Add a inet46 filter type on the firewall rules page. I have locked down a few of the most common limitations.
Still arguing if we should lock this down even further to aliases only.
Redmine ticket #2466
History
#1
Updated by Seth Mos 12 months ago
- Status changed from New to Feedback
Seems to work so far, filter.inc code needs to duplicate rules by address families to work for addresses, reply-to and gateways.
#2
Updated by Richard Adams 3 months ago
I can confirm this is working. Now if only you could mix IPv4 and IPv6 within aliases.
#3
Updated by Chris Buechler 3 months ago
- Status changed from Feedback to Resolved
Thanks. You can mix v4 and v6 within aliases, we do extensively on our production networks. If there's a scenario where you can't, please post to the forum or mailing list so we can review.