Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Automatically generated rules causing issues

    IPv6
    2
    3
    92
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MikeAce last edited by

      I'm trying to use a pfsense firewall as a perimeter firewall where I have both public IPv4 addresses and public IPv6 prefix delegation going into the device. IPv4 is coming into a bridged WAN/Internal interface while IPv6 is coming in a completely separate WAN interface that is not bridged, but instead is performing prefix delegation to 2 other separate interfaces. The issue I have is the automatically generated IPv6 firewall rules are forcing the ICMPv6 router solicitation, advertisement, etc. be allowed on all interfaces. This causes an issue because the default IPv6 prefix is leaking through the IPv4 bridge.

      JKnott 1 Reply Last reply Reply Quote 0
      • JKnott
        JKnott @MikeAce last edited by

        @MikeAce

        What happens if you make the bridge interface IPv4 only?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • M
          MikeAce last edited by

          The bridged interfaces are ipv4 only. the issue is that the automatically generated rules are floating rules so they apply globally

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy