Screenshot 2023-06-15 at 2.40.04 PM.png
(Blocked IPV6 as my ISP does not hand out IPV6 addresses only IPv4)

Per Netgate docs
"Ethernet rules can use Aliases for L3 source/destination matching but there is no support for MAC Address aliases at this time."

This works and shows traffic. Each IP has its MAC recorded into the rule.

Working config, Squid, Squidguard, Snort, Lightsquid, Auth-NTP, DNS over port 853, Clam-AV, UpNp for xbox alongside floating Queue CODEL this is functional and other ACLs are still working with this version. I have set the top line to block out all IPV6

Test now running for 24 hours no issues.

@madtrick
The IP variable is the same, but you have to set up a special IPv6 update client so that pfSense takes the IPv6 interface address.
https://dyndns.inwx.com/nic/update?myipv6=%IP%

@leonroy said in Can't create IPv4+IPv6 Firewall rule with an alias:

What I ended up doing was sticking my PiHole IP address in an Alias as well and setting that as the Source alias. Not sure if that's the best way of doing it but it worked...

If your PiHole should answer IPv6 and work with IPv6 it needs an IPv6 address. Without that makes no sense, then you can simply block all IPv6 alltogether. If your Pi has IPv4 and IPv6 then that's the right way, put both into the alias and use it in rules.

That said I wouldn't work with invert rules but that's my approach.