Filter an IPV6-address not possible !!?? :(
-
To be able to directly route to local clients, I have to use IPV6-addresses.
Since I would like to restrict the accessibility to certain lan's and to certain clients, I tried to setup a rules like this:
Allow <LanA> <some port>
Allow <LanB> <some port>
Allow <IPV6-address-X> <some port>However that is not possible.
I first tried to define a rule:
Allow IP6-rangeA to some port
=> not possibleThen I tried to define a (network) alias:
SomeLans: 'IP6-range Lan-A' + 'Ip6-range LanB'
=> not possibleThen I tried to do the same for a single IPV6 address
=> not possibleOnly 32 bit addresses supported
Not so happy with this
Note that I partly worked around this by
defining rules like
WAN
pass
only IPV6
destination VLAN-A (having both IPV4 and IPV6 addresses)
destination port <some port> -
@louis2 what pfSense version are you using? It works beautifully for me.
You use type 'Host' for a host and of typoe 'Network' for a networks.
But what you can't do is use an IPv6 address as type 'Host' with netmask 128. Just don't add a netmask and netmask is not necessary for hosts since the type 'Host' makes it clear that it expects a host.
Addition: what is not possible, is to use type 'Host' to add multiple IPv6 host address in one step, like 2001:db8:dead:beaf::1-2001:db8:dead:beaf::9. That is indeed possible for IPv4 but not IPv6.
-
You are right! It is possible via an alias! Do not know why it did not work. See screen shot. I was only allowed to select IPV4-ranges /32 max .....
My confusion started there
No idea why I had this trouble ! Note that I still can not enter an address where the text states 'alias or address'
For info I am running the latest pfSense+ version
-
@louis2 said in Filter an IPV6-address not possible !!?? :(:
No idea why I had this trouble ! Note that I still can not enter an address where the text states 'alias or address'
Mmmh, if I set the 'Address Familty' to 'IPv6' it does work for me (but not if set to 'IPv4+IPv6')
