Feature #12190

open

Ability to use an IPv6 prefix in firewall rules

Added by Greg Wallace over 3 years ago. Updated 4 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

Many users have internet connections with a dynamic IPv6 prefix (a real joy). Currently firewall rules can only reference the rule's interface's prefix. To get around this limitation, allow the use of a tag in rules and aliases to select the specific interface to use a prefix from, as well as define the length of the prefix being extracted.

As of now, the first 5 commits here: https://github.com/gregtwallace/pfsense/commits/ipv6-tags are a rough implementation of tags in the firewall rules (aliases not yet implemented). The format for a source or destination address is {LAN-56}2601:db8::dead:beef. This example would extract the first 56 bits from the LAN IPv6 address and combine them with the remaining end bits of 2601:db8::dead:beef.

  • Not covered by this, but a future additional feature could be to include this same format as valid in DHCPv6/RA server (for things such as DNS server, NTP, etc.)
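
The tag resolution described above, written out as an added example (not code from the linked branch or from pfSense). The function name, the interface-to-address mapping and the sample LAN addresses are assumptions constructed for illustration; malformed tags and unknown interfaces raise an error rather than resolve to some default address.

```python
import ipaddress
import re

# Tag syntax from the issue text: {IFACE-LEN}address, e.g. {LAN-56}2601:db8::dead:beef
TAG_RE = re.compile(r"^\{([A-Za-z0-9_]+)-(\d{1,3})\}(\S+)$")
ALL_ONES = (1 << 128) - 1


def resolve_tagged_address(spec, iface_addrs):
    """Return the IPv6Address a tagged rule address currently resolves to.

    iface_addrs is a hypothetical dict of interface name -> current IPv6
    address; a real firewall would read this from the live interface.
    """
    m = TAG_RE.match(spec.strip())
    if m is None:
        raise ValueError(f"not a tagged address: {spec!r}")
    iface, plen, suffix = m.group(1), int(m.group(2)), m.group(3)
    if plen > 128:
        raise ValueError(f"prefix length {plen} out of range 0-128")
    if iface not in iface_addrs:
        # Fail closed: no address for the interface means no rule address.
        raise ValueError(f"no IPv6 address known for interface {iface!r}")

    live = int(ipaddress.IPv6Address(iface_addrs[iface]))
    tail = int(ipaddress.IPv6Address(suffix))  # raises ValueError if malformed
    host_mask = (1 << (128 - plen)) - 1        # low (128 - plen) bits
    prefix_mask = ALL_ONES ^ host_mask         # high plen bits
    return ipaddress.IPv6Address((live & prefix_mask) | (tail & host_mask))


if __name__ == "__main__":
    spec = "{LAN-56}2601:db8::dead:beef"
    # Constructed sample addresses: the delegated prefix before and after a change.
    for lan in ("2001:db8:1234:5601::1", "2001:db8:abcd:ef42::1"):
        print(lan, "->", resolve_tagged_address(spec, {"LAN": lan}))
```

Only the top 56 bits of the interface address survive, so the low byte of the fourth group comes from the rule's address, not from the interface.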