IPv6 for a single client ?



  • Hi I am setting up IPv6 on my network and so far it seems to work, if I allow any LAN device to exit via the IPv6 WAN.

    But for testing I want to limit the IPv6 GW to one single device, but this does not seem to work.
    I've added the device to a alias group via IPv4 address and FQDN then I've limited the rule to only apply to the machine in the alias group. But no traffic is hitting this group, even when this group is on top of all rules.

    Any Idea ?

    alt text

    alt text

    I've added a 2nd device to the alias group but same results.

    Any help is much appreciated.



  • I don't know how your network is configured, but typically, with SLAAC, a device gets one consistent address and up to 7 privacy addresses, with a new one every day. You have to filter on the privacy addresses, not the consistent one, to block outgoing connections.



  • Thanks for the swift response. This sounds rather complicated compared to the IPv4 setup.

    Whenever I try to make IPv6 work as smooth as IPv4 I got told that it does not work that way with IPv6. No wonder no one cares about IPv6. I could have used IPv6 since 2014,but never really bothered.

    Again thanks for your help.



  • Overall, IPv6 works the same as IPv4, but there are some differences. One great benefit is getting rid of NAT. If you want a consistent address, you just have to turn off privacy addresses. The way you do that depends on your operating system.