Firewall gateway address in IPv6
-
Greetings.
In my Netgate device I have a firewall rule which blocks devices from accessing the admin interface of the router. This is easy to do in IPv4, since the gateway has a static address. For example, in a 192.168.1.xxx subnet, the router / gateway is at 192.168.1.1, so I can block HTTPS traffic to this address from the subnet.
In IPv6, with DHCPv6-PD and "track interface", what is the format for the address I should use to block traffic to the gateway / router?
Or, alternatively, is the firewall so smart that blocking the IPv4 address automatically also blocks IPv6? In my "IPv4 rule", I have listed that IPv6 traffic should also be blocked.
-
@jarmo there is a "This Firewall" alias that holds all pfSense IPs.
The protocols are separate; you can have a rule for both if specified, otherwise two rules.
-
e.g. https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/opt-lan.html#reject-other-firewall-bound-traffic
-
Hi @SteveITS.
That was an excellent tip, I had missed the "self" target completely. This allowed me to get rid of all of the firewall aliases I needed earlier.
Thanks!
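
The approach discussed in this thread, written out in raw pf.conf syntax as an added example that is not part of the original posts. It shows the IPv4-only rule from the question beside a rule using the `(self)` target; the interface macro `guest_if` and its value `igb1` are assumed placeholders, and the before/after rules are shown together only for comparison.

```conf
# Added example, not taken from the thread.
# Assumption: guest_if / "igb1" stand in for the restricted interface.
guest_if = "igb1"

# Before: the destination is a fixed IPv4 address. The "inet" keyword limits
# the rule to IPv4, so HTTPS to any of the router's IPv6 addresses
# (link-local or taken from the delegated prefix) is not matched by it.
block in quick on $guest_if inet proto tcp from any to 192.168.1.1 port 443

# After: no address-family keyword, so one rule covers IPv4 and IPv6.
# "self" expands to every address assigned to the firewall, and the
# parentheses make pf update the rule when those addresses change,
# for example when a new DHCPv6-PD prefix is delegated.
block in quick on $guest_if proto tcp from any to (self) port 443

# The same policy as two per-family rules:
block in quick on $guest_if inet  proto tcp from any to (self) port 443
block in quick on $guest_if inet6 proto tcp from any to (self) port 443

# Rules passing other traffic from this interface go below the block rules;
# "quick" stops evaluation at the first matching rule.
```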