Can't create IPv4+IPv6 Firewall rule with an alias

leonroy

I've a URL Table (IPs) Firewall alias of IPv4 and IPv6 addresses. When I try and block access to it in the LAN firewall rules I get the error:

IPv4 and IPv6 addresses can not be used in rules that apply to both IPv4 and IPv6 (except within an alias).

The form looks like so:

I believe I'm doing it right, any thoughts?

JeGr

@leonroy said in Can't create IPv4+IPv6 Firewall rule with an alias:

I believe I'm doing it right, any thoughts?

You are using an IPv4 as source so that's why the rule won't work with IPv4/IPv6 - that can' work :)

leonroy

@jegr said in Can't create IPv4+IPv6 Firewall rule with an alias:

You are using an IPv4 as source so that's why the rule won't work with IPv4/IPv6 - that can' work :)

Thanks following the guide here https://labzilla.io/blog/force-dns-pihole

Which adds a mixed IPv4 and IPv6 list of IP addresses and blocks access to them on the network.

Not sure how else to prevent access to a mixed list like that when my homelab environment is all IPv4.

What I ended up doing was sticking my PiHole IP address in an Alias as well and setting that as the Source alias. Not sure if that's the best way of doing it but it worked...

JeGr

@leonroy said in Can't create IPv4+IPv6 Firewall rule with an alias:

What I ended up doing was sticking my PiHole IP address in an Alias as well and setting that as the Source alias. Not sure if that's the best way of doing it but it worked...

If your PiHole should answer IPv6 and work with IPv6 it needs an IPv6 address. Without that makes no sense, then you can simply block all IPv6 alltogether. If your Pi has IPv4 and IPv6 then that's the right way, put both into the alias and use it in rules.

That said I wouldn't work with invert rules but that's my approach.