pfSense

Many users have internet connections with a dynamic ipv6 prefix (a real joy). Currently firewall rules can only reference the rule's interface's prefix. To get around this limitation, allow the use of a tag in rules and aliases to select the specific interface to use a prefix from, as well as define the length of the prefix being extracted.

As of now, first 5 commits here: https://github.com/gregtwallace/pfsense/commits/ipv6-tags are a rough implementation of tags in the firewall rules (aliases not yet implemented). Format for source or destination address is {LAN-56}2601:db8::dead:beef This example would extract the first 56 bits from the lan ipv6 address and combine it with the remaining end bits of 2601:db8::dead:beef

• Not covered by this, but a future additional feature could be to include this same format as valid in DHCPv6/RA server (for things such as DNS server, NTP, etc.)