Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall gateway address in ipv6

    Scheduled Pinned Locked Moved IPv6
    4 Posts 2 Posters 89 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jarmo
      last edited by jarmo

      Greetings.

      In my netgate device I have a firewall rule which blocks devices from accessing the admin interface of the router. This is easy to do in ipv4, since the gateway has a static address. For example, in a 192.168.1.xxx subnet, the router / gateway is at 192.168.1.1., so I can block https traffic to this address from the subnet.

      In ipv6, with dhcpv6-pd and "track interface", what is the format for the address I should use to block traffic to the gateway / router?

      Or, alternatively, is the firewall so smart that blocking ipv4 address automatically also blocks ipv6? In my "ipv4 rule", I have listed that ipv6 traffic should also be blocked.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @jarmo
        last edited by

        @jarmo there is a This Firewall alias that holds all pfSense IPs.

        The protocols are separate; you can have a rule for both if specified otherwise two rules.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote ๐Ÿ‘ helpful posts!

        S 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Galactic Empire @SteveITS
          last edited by

          e.g. https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/opt-lan.html#reject-other-firewall-bound-traffic

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote ๐Ÿ‘ helpful posts!

          1 Reply Last reply Reply Quote 0
          • J
            jarmo
            last edited by

            Hi @SteveITS.

            That was an excellent tip, I had missed the "self" target completely. This allowed me to get rid of all of my firewall aliases I needed earlier.

            Thanks!

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.