Project

General

Profile

Actions

Feature #7922

open

Add the option to select the ISP IPv6 Delegated Prefix as a destination in firewall rules

Added by Scott D about 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
10/10/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

It would be useful to have the option to use the ISP delegated prefix (/48, /56, etc) from DHCPv6-PD as a destination in the firewall rules, like the "This firewall (self)" destination, it could be used to prevent guest networks, using a /64 , from accessing all other /64 networks connected to the firewall as I could make a rule:

Allow IPv6 TCP 443 (HTTPS) from GUEST subnet to NOT (!) "IPv6 Delegated Prefix"

Right now, I can get manually enter the delegated prefix directly as a destination or put it in an alias but it is not automatically changed or refreshed to the new prefix if it does happen to change.

No data to display

Actions

Also available in: Atom PDF