On Fri, Apr 10, 2026 at 1:29 PM Peter Hessler <[email protected]> wrote: > You'll need to show your pf.conf for us to properly debug it, but I > predict the issue is either you are using dns names in pf.conf (which > only resolve at pfctl time...) or you forgot to add ()'s around > interfaces, so it only has the addresses that were assigned at pfctl > time. > > Probably sprinkle some (egress) or (em0) in your ruleset, especially if > you receive your own addresses from slaac/dhcp.
No DNS names in pf.conf. I do use parens for the ipv4 nat rules ($ext_if). And also use egress. However I've been using "inside" - pass in on inside - for example. And I think that is what caused the issue. I've changed the inet6 pass rule: from: pass in on inside inet6... to: pass in on $int_if inet6... And that seems to have resolved the issue. At least one successful reboot without losing ipv6 access. Thank you! Chris
