Host Specific IPv6 Rules



  • I have IPv6 set up and working; my ISP is Comcast and I'm using DHCP6 to get the WAN address and Track Interface WAN on the LAN interface.

    How do I create rules to allow traffic on some ports to reach LAN hosts? I haven't found any way to make the IPv6 address assigned be deterministic.



  • @robertn:

    I haven't found any way to make the IPv6 address assigned be deterministic.

    There is a way using DHCPv6 if you already know your PD addresses, but it may cause issues down the road if your ISP changes your PD range.

    I haven't tried in a while, but add rules to your LAN interface; nothing is needed on your WAN interface, if I remember correctly.
    Try something like this:

    src - any
    dst - IPv6 of your host
    dst port - 80



  • I know I can do this, but I'm looking for something that works properly even if a different prefix is assigned by the ISP.



  • There isn't any way to configure it via the GUI that I know of.



  • Can you just put them on different LANs or VLANs? Comcast will give you up to 16 /64 prefixes, so you could just put the "open" hosts in one (basically, a DMZ) and the locked down ones in another.
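
Added example, not part of any post in this thread: a Python sketch that rebuilds the `src` / `dst` / `dst port` rule from the delegated prefix, so the host-specific destination can be recomputed when the ISP hands out a different range. It assumes a /60 delegation (16 /64s), a fixed LAN index for the "open" segment, and a host that keeps a stable interface identifier; the prefixes, index, identifier and function names are constructed for illustration.

```python
import ipaddress

def lan_prefix(delegated: str, index: int) -> ipaddress.IPv6Network:
    """Return the index-th /64 inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is longer than /64")
    count = 1 << (64 - net.prefixlen)          # a /60 holds 16 /64s
    if not 0 <= index < count:
        raise ValueError(f"LAN index {index} outside 0..{count - 1}")
    base = int(net.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))

def host_address(delegated: str, index: int, iid: str) -> ipaddress.IPv6Address:
    """Combine the LAN's /64 with the host's interface identifier (low 64 bits)."""
    suffix = int(ipaddress.IPv6Address(iid))
    if suffix >> 64:
        raise ValueError("interface identifier must fit in the low 64 bits")
    prefix = int(lan_prefix(delegated, index).network_address)
    return ipaddress.IPv6Address(prefix | suffix)

def rules(delegated: str, hosts) -> list:
    """Render one allow rule per (LAN index, interface identifier, port)."""
    return [
        {"src": "any", "dst": str(host_address(delegated, idx, iid)), "dst port": port}
        for idx, iid, port in hosts
    ]

# Constructed sample data: one web host on LAN index 1 (the "open" segment).
HOSTS = [(1, "::a:b:c:d", 80)]
OLD_PD = "2001:db8:0:10::/60"    # documentation prefix, stands in for the old delegation
NEW_PD = "2001:db8:ff:a0::/60"   # stands in for the delegation after a change

if __name__ == "__main__":
    for pd in (OLD_PD, NEW_PD):
        for rule in rules(pd, HOSTS):
            print(pd, "->", rule)
```

Only the delegated prefix is an input that changes; the LAN index and interface identifier stay the same, which is also why a rule written against a whole "open" /64 needs just the index to be recomputed.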