Delegated prefix in firewall rules?
-
@Sevi said in Delegated prefix in firewall rules?:
Apparently dynamic prefixes with this kind of alias will never be possible in pfSense for technical reasons - at least that's what I gathered from the posts cited above.
I don't know if you are aware and I know, it is not what was asked here about, but you can create aliases for dynamic IPv6 hosts with the help of the DHCPv6 Server and a hostname given by DHCPv6. You then can create an alias from that hostname the same way you can do that with IPv4 and it will change.
-
@Bob-Dig Good point! I believe that approach was mentioned in one of the posts above.
As far as I understood it, the limitation with aliases, is that they cannot be something that would expand to different things in different contexts, e.g. depending on which interface the alias is used on. But a FQDN that gets translated through DNS works of course (For my own network, I just didn't want the hassle of setting up DHCPv6 in parallel to my IPv4 DHCP at the moment
). -
@Sevi said in Delegated prefix in firewall rules?:
patch should also be included in upcoming releases
ref: https://docs.netgate.com/pfsense/en/latest/releases/24-03.html#aliases-tables
@Sevi said in Delegated prefix in firewall rules?:
address ::123
Hmm, thanks, will try that. Our IPv6 prefix at home changed recently and my main client (wife) was annoyed for a while without telling me.
@johnpoz said in Delegated prefix in firewall rules?:
free Hurricane Electric tunnel
We did that once because of a specific setup...it functions, but the throughput is throttled, about 35 Mbps as I recall. And there are sites that consider HE IPs like a VPN and block access, for instance sites that can only show video or sports content to certain regions due to licensing.
