Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPV6, IPV4, traffic shaping, and pfblockerng

    Scheduled Pinned Locked Moved IPv6
    2 Posts 2 Posters 751 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      m3nt0r123
      last edited by

      I have a simple home network. Just a handful of devices with an AP providing WiFi. I realized that a number of devices are using IPV6 instead of static IPV4 addresses I assigned. I read through the documentation and am thoroughly confused and need some guidance.

      I want to ensure my traffic shaping (PRIQ) works as intended and that my packages function as intended as well. I have floating rules for traffic shaping to prioritize traffic but imagine those rules are not applied since an IPV6 lease is assigned to the device rather than the static IPV4.

      Should I disable IPV6?
      Am I able to apply PRIQ to IPV6? Is it already applied?
      Should my other packages work as expected (pfblockerng, suricata)?

      Any and all guidance is greatly appreciated.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        @m3nt0r123:

        I have a simple home network. Just a handful of devices with an AP providing WiFi. I realized that a number of devices are using IPV6 instead of static IPV4 addresses I assigned. I read through the documentation and am thoroughly confused and need some guidance.

        Pure IPv6 devices exist when you force them to use only IPv6. I guess you didn't,, so they all ask (DHCP) for an IPv4 and, if they can handle it, an IPv6.

        @m3nt0r123:

        I want to ensure my traffic shaping (PRIQ) works as intended and that my packages function as intended as well. I have floating rules for traffic shaping to prioritize traffic but imagine those rules are not applied since an IPV6 lease is assigned to the device rather than the static IPV4.

        Can't tell, never shaped anything in my life.

        @m3nt0r123:

        Should I disable IPV6?

        Maybe, for the time being.
        But guidance isn't what you need. IPv6 is a huge subject. As "IPv4", you'll have to go through the "learning phase".

        @m3nt0r123:

        Am I able to apply PRIQ to IPV6? Is it already applied?

        Never heard that shaping, or "PRIQ" is IPv4-only.

        @m3nt0r123:

        Should my other packages work as expected (pfblockerng, suricata)?

        pfblockerng will work well - checkup with their support. But you should know that that the concept of "lists with bad IPv6" will never work out in the future, it's simply to big. Using DNSBL still works.

        suricata is more an packet inspection tool. These are still the same. The "IPv4" or "IPv6" is just the envelop that transports the packet.

        The thing is : as a firewall operator you do not have a choice, you should become friends with IPv6.
        Remember : a firewall handles IP packets. And IP means : IPv4 or IPv6, knowing that IPv4 will fade out (in the next decade so you have some time ;))

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.