Actions
Feature #12190
openAbility to use an IPv6 prefix in firewall rules
Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Description
Many users have internet connections with a dynamic ipv6 prefix (a real joy). Currently firewall rules can only reference the rule's interface's prefix. To get around this limitation, allow the use of a tag in rules and aliases to select the specific interface to use a prefix from, as well as define the length of the prefix being extracted.
As of now, first 5 commits here: https://github.com/gregtwallace/pfsense/commits/ipv6-tags are a rough implementation of tags in the firewall rules (aliases not yet implemented). Format for source or destination address is {LAN-56}2601:db8::dead:beef This example would extract the first 56 bits from the lan ipv6 address and combine it with the remaining end bits of 2601:db8::dead:beef
- Not covered by this, but a future additional feature could be to include this same format as valid in DHCPv6/RA server (for things such as DNS server, NTP, etc.)
Actions