Block local IPv6 subnets with WAN Tracking
-
Hi,
I tried to google this topic and searched here, but found nothing. Please excuse me if a solution has already been described, but I didn't find it.
I have a separated network, which is allowed to have internet access, but not access to other local networks. This is easily done by blocking access to other RFC1918 networks, e.g. as described here. However, this is not the same for IPv6, at least if Prefix Delegation is used and the WAN is tracked.
I'm using the Router Advertisement Mode "Managed". So a DHCPv6 server is providing the IPv6 subnets I got from my ISP.
Currently I'm using rules which reject access from the above-mentioned network to other local networks, and it's working fine. But this also means I have to add new rules if new local networks have to be created.
Is there an easier way to achieve my goals?
Greetings
Sebastian
-
When setting up a filter, under Source and Destination, there's an alias called LAN net. Might that do what you want? There are similar ones for other networks.
-
@JKnott Thanks for your answer, but my question is not only about the "LAN net", but about other optional local networks, e.g. the separation between "LAN" and "Guest".
-
One thing to remember is traffic does not pass between different subnets, unless you specifically allow them.
Here are the rules for my guest WiFi, which may be what you want: