Selectively block IPv6
-
I saw a similar question posed in the forums but it's not quite what I'm after.
I've got a pretty typical pfsense 2.4.1 setup running just fine at home, including IPv6 from my ISP.
First and foremost, I DO NOT want to get rid of IPv6 as a whole.
But, I have a 12-year-old with an iPod.
I use OpenDNS for content filtering and it works pretty well, with the exception of IPv6. OpenDNS does not do any filtering on IPv6 and they openly admit it.
On iOS devices, it is not possible to disable IPv6. If it were, that would be the easy/obvious solution. However Apple provides no way to disable IPv6 on the device.
Therefore, I am hoping a way exists within pfsense to, for instance, NOT hand out an IPv6 address to specific MAC addresses. Or maybe give the device a deliberately invalid address. Something, anything, to block IPv6 for specific clients.
I don't want it blocked for my whole network.
Any ideas?
Thanks in advance!
-Andy
-
I'm interested in knowing how to selectively block IPV6 too.
-
The only way I can think of doing it would be to create a new SSID for him and don't enable IPv6 on the subnet, you could also schedule the SSID to only work between certain hours.
But it's not the answer you want.
-
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet…
Worth a try...
-
@marjohn56:
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet…
Worth a try...
This is probably the best solution… and should work as long as the prefix from your ISP doesn't change.
-
@virgiliomi:
@marjohn56:
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet…
Worth a try...
This is probably the best solution… and should work as long as the prefix from your ISP doesn't change.
One slight issue, pretty sure some or all Android devices won't play though as they rely on on SLAC, but that's not a showstopper, they will still run on v4.