pfSense

It would be useful to have the option to use the ISP delegated prefix (/48, /56, etc) from DHCPv6-PD as a destination in the firewall rules, like the "This firewall (self)" destination, it could be used to prevent guest networks, using a /64 , from accessing all other /64 networks connected to the firewall as I could make a rule:

Allow IPv6 TCP 443 (HTTPS) from GUEST subnet to NOT (!) "IPv6 Delegated Prefix"

Right now, I can get manually enter the delegated prefix directly as a destination or put it in an alias but it is not automatically changed or refreshed to the new prefix if it does happen to change.