Automatically generated rules causing issues

  • I'm trying to use a pfSense firewall as a perimeter firewall where I have both public IPv4 addresses and public IPv6 prefix delegation going into the device. IPv4 is coming into a bridged WAN/Internal interface while IPv6 is coming in on a completely separate WAN interface that is not bridged, but instead is performing prefix delegation to 2 other separate interfaces. The issue I have is that the automatically generated IPv6 firewall rules are forcing the ICMPv6 router solicitation, advertisement, etc. to be allowed on all interfaces. This causes an issue because the default IPv6 prefix is leaking through the IPv4 bridge.

  • @MikeAce

    What happens if you make the bridge interface IPv4 only?

  • The bridged interfaces are IPv4 only. The issue is that the automatically generated rules are floating rules, so they apply globally.
