Question about Featurerequest #6626 (rules for dynamically changing IPv6 prefixes)
-
Hi,
I tried to find any explanation for the feature request #6626. Unfortunately I failed to find anything detailed.
After a little bit of testing got the following results:- using the destination "::/56" in a rule on any VLAN interface works as expected, the destination is expanded to the current prefix
- using the destination "::/56" in a rule on either OpenVPN or IPsec fails, the destination will NOT be expanded => non functional
- using the destination "::/56" in a floating rule fails, the destination will NOT be expanded => non functional
Questions:
- Is there any documentation on #6626 that explains in detail what should work after this change and what not?
- Is it the intended behavior that the shortcut "::/56" cannot be used in floating rules and VPN rules?
Thanks
-
It only works on the interface tab(s) for interface(s) where the dynamic address can be looked up from the OS interface.
Otherwise it is ambiguous and cannot be properly resolved. It has no way to know which interface to look it up from.
IIRC there is an open feature request for that sort of thing (https://redmine.pfsense.org/issues/7922 exists also but it's not quite that either).
Ultimately the problem is that the daemon that gets the delegations from upstream doesn't expose the info in a way we can use it outside of an OS interface, so they can't be used anywhere else even if we know the prefix ID and so on.