Netgate Discussion Forum

    Dynamic IPv6 alias tracking provider prefix delegation.

      ronnyvdb

      Re: Is a dynamic alias or variable for IPv6 Prefix scheduled?

      Good day, as far as I can read everywhere, there is still no fix for dynamic IPv6 aliases tracking the first 64 bits of prefix delegation.
      The latest post which I did find on the forum is quite old, maybe I didn't search well enough.
      Two years ago one could argue that IPv6 was in the early stages of adoption, but now these days?
      Lack of this feature means that the whole firewall part for IPv6 is useless for any professional dedicated purpose.
      Isn't there any active development anymore on pfSense?

        Grimson Banned @ronnyvdb

        @ronnyvdb said in Dynamic IPv6 alias tracking provider prefix delegation.:

        Lack of this feature means that the whole firewall part for IPv6 is useless for any professional dedicated purpose.

        Professional purposes with dynamic prefixes, bullshit.

          ronnyvdb @Grimson

          @grimson Gee, that's helpful and constructive.

            MikeV7896

            Professional purposes or not, there's still a desire to have the ability for a dynamic prefix variable or list selection in order for IPv6 firewall rules to dynamically adjust if the prefix assigned by an ISP should change. And this has been around for over 2.5 years now (the topic linked to was started in April 2016).

            Whether you're allowing something in from the internet to a particular host, or restricting host(s) on a LAN from making particular outbound connections, this is still a desire that multiple people have. And there's still an open feature request for this.

            The S in IOT stands for Security

              smitheo1 @MikeV7896

              @virgiliomi But that means not checking the firewall rules and leaving it to pfSense to automatically make dynamic rules like Windows....bad idea...imo.

                JKnott

                Are your prefixes really dynamic? With DUID, the prefix should be consistent. However, there is a setting "Do not allow PD/Address release" on the WAN tab that must be selected. It's off by default, IIRC.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                  MikeV7896

                  My prefix is "dynamic"... yes, in theory as long as the DUID doesn't change, my prefix doesn't change either (I successfully held the same /60 prefix from my ISP for over a year, before changing the DUID for troubleshooting purposes). Same with the IPv4 address and my MAC address.

                  But that doesn't mean that my ISP couldn't at some point initiate some changes to their network that would cause my prefix to change, just as my IPv4 address has changed in the past when they've done major network maintenance, though obviously the MAC wouldn't have changed.

                  So I am still of the notion that this is something needed. A dynamic prefix, no matter how stable it might be, is still dynamic and could potentially change at any time for a variety of reasons.

                  The S in IOT stands for Security
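
What the behaviour requested in this thread amounts to, as an added example that is not part of any post and is not pfSense code: alias entries inside the delegated prefix keep their subnet ID and interface ID while the ISP-assigned leading bits are swapped, and the resulting changes are returned for review. The prefixes (documentation range 2001:db8::/32), alias entries and function names are constructed for illustration.

```python
import ipaddress

def rebase(entry, old_pd, new_pd):
    """Move one alias entry (host or subnet) from old_pd to new_pd.

    Bits below the delegation length (subnet ID + interface ID) are kept;
    only the ISP-assigned leading bits change. Entries outside old_pd,
    or wider than it, are returned unchanged.
    """
    old_pd = ipaddress.IPv6Network(old_pd)
    new_pd = ipaddress.IPv6Network(new_pd)
    if old_pd.prefixlen != new_pd.prefixlen:
        # A smaller delegation may not have room for the existing subnet IDs.
        raise ValueError("delegation size changed; refusing to rebase")
    iface = ipaddress.IPv6Interface(entry)  # accepts "addr" and "addr/len"
    plen = iface.network.prefixlen
    if iface.ip not in old_pd or plen < old_pd.prefixlen:
        return entry
    low_bits = int(iface.ip) & int(old_pd.hostmask)
    moved = ipaddress.IPv6Address(int(new_pd.network_address) | low_bits)
    return str(moved) if plen == 128 else f"{moved}/{plen}"

def rebase_alias(entries, old_pd, new_pd):
    """Return (new_entries, changes); changes lists (old, new) pairs to review."""
    new_entries = [rebase(e, old_pd, new_pd) for e in entries]
    changes = [(o, n) for o, n in zip(entries, new_entries) if o != n]
    return new_entries, changes

# Constructed sample data: a /60 delegation and an alias with mixed entries.
OLD_PD = "2001:db8:1230::/60"
NEW_PD = "2001:db8:abc0:50::/60"
ALIAS = [
    "2001:db8:1230:1::10",   # host on subnet 1 of the delegation
    "2001:db8:1230:2::/64",  # whole subnet 2
    "fd00:1::5",             # ULA host, not part of the delegation
]

if __name__ == "__main__":
    entries, changes = rebase_alias(ALIAS, OLD_PD, NEW_PD)
    for old, new in changes:
        print(f"{old} -> {new}")
```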

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.