Netgate Discussion Forum

Firewall rule blocking access to pfsense gui not working (IPv6 global unicast getting through)

  • D
    ddbnj
    last edited by Jun 3, 2024, 12:44 AM

    I honestly thought I knew IPv6 enough but I was wrong.

    I have a guest network set up with the following rules: [Screenshot 2024-06-02 203411.png]

    PFsensePorts are the GUI ports and 22 for SSH
    DNS_ports are 53 and 853
    RCF1918 contains private IPv4 ranges and fd00::/8

    When checking states, my guest user can access the GUI via 2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

    I don't have a fixed IPv6 prefix, although I don't know when it changed last so I don't have any GUA specific rules. My concern is that if the address supplied by my ISP changes, the rules would no longer work and I wouldn't be aware.

    How can I block traffic from accessing the pfsense GUI via a dynamically assigned GUA?

    Thanks,

    Devan

    • S
      SteveITS Galactic Empire @ddbnj
      last edited by Jun 3, 2024, 2:00 AM

      @ddbnj pfSense has a This Firewall alias which should cover all IPs on it.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • D
        dotdash @ddbnj
        last edited by Jun 3, 2024, 7:43 PM

        This post is deleted!
        • D
          ddbnj @SteveITS
          last edited by Jun 3, 2024, 9:48 PM

          @SteveITS That's a very valuable tidbit of info. Do you know where I can find a list of similar aliases?

          • S
            SteveITS Galactic Empire @ddbnj
            last edited by Jun 3, 2024, 9:52 PM

            @ddbnj It's probably in the docs somewhere. That one shows when adding a rule. There's an alias for each pfSense network/subnet plus This Firewall.


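Added example, not from any of the posts: a small Python model of first-match rule evaluation showing why a destination alias of private ranges plus fd00::/8 leaves the firewall's global unicast address reachable on the management ports, while an alias that tracks the firewall's current addresses does not. The rule layout, GUI port 443, the helper names and the 2001:db8:: addresses are constructed assumptions, since the screenshot of the real rules is not available.

```python
import ipaddress

# Alias contents as described in the first post (alias name spelled as posted).
RCF1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8")]
PFSENSE_PORTS = {22, 443}  # SSH plus an assumed GUI port of 443

# Constructed firewall addresses; 2001:db8::/32 stands in for the ISP prefix.
ADDRS_BEFORE = ["192.168.50.1", "fd00:50::1", "2001:db8:aaaa:50::1"]
ADDRS_AFTER = ["192.168.50.1", "fd00:50::1", "2001:db8:bbbb:50::1"]  # prefix changed


def this_firewall(addrs):
    """Model of a 'This Firewall' style alias: one host network per current address."""
    return [ipaddress.ip_network(a) for a in addrs]


def evaluate(rules, dst, port):
    """First matching rule wins; nets/ports of None mean 'any'. Default is block."""
    ip = ipaddress.ip_address(dst)
    for action, nets, ports in rules:
        dst_ok = nets is None or any(ip in n for n in nets)  # v4/v6 mismatch is False
        if dst_ok and (ports is None or port in ports):
            return action
    return "block"


def guest_rules(gui_block_dst):
    """Assumed guest-interface layout: block management ports, then pass the rest."""
    return [("block", gui_block_dst, PFSENSE_PORTS), ("pass", None, None)]


def gui_reachable(rules, addrs, port=443):
    """Return the firewall's own addresses a guest can still reach on the port."""
    return [a for a in addrs if evaluate(rules, a, port) == "pass"]


if __name__ == "__main__":
    static = guest_rules(RCF1918)
    print("static alias, before:", gui_reachable(static, ADDRS_BEFORE))
    print("static alias, after: ", gui_reachable(static, ADDRS_AFTER))
    for addrs in (ADDRS_BEFORE, ADDRS_AFTER):
        print("this_firewall:       ", gui_reachable(guest_rules(this_firewall(addrs)), addrs))
```

An alias built from the old addresses and never refreshed behaves like a hand-written GUA rule: it stops matching once the prefix changes, which is the failure the first post is worried about.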
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.