Project

General

Profile

Feature #7922

Add the option to select the ISP IPv6 Delegated Prefix as a destination in firewall rules

Added by Scott D over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
10/10/2017
Due date:
% Done:

0%

Estimated time:

Description

It would be useful to have the option to use the ISP delegated prefix (/48, /56, etc) from DHCPv6-PD as a destination in the firewall rules, like the "This firewall (self)" destination, it could be used to prevent guest networks, using a /64 , from accessing all other /64 networks connected to the firewall as I could make a rule:

Allow IPv6 TCP 443 (HTTPS) from GUEST subnet to NOT (!) "IPv6 Delegated Prefix"

Right now, I can get manually enter the delegated prefix directly as a destination or put it in an alias but it is not automatically changed or refreshed to the new prefix if it does happen to change.

Also available in: Atom PDF