"Sonic" [email protected] – 29 June 2026 at 11:36 pm
> Is it possible to write pf pass/block rules that match the ipv6
> interface ID and ignore the prefix (a wildcard prefix if that makes
> sense)?
> As my ISP's assigned prefix is not static/stable, and my systems
> always create the same IID when using SLAAC, it would really be
> helpful to have this feature for ipv6 firewalling.
 
Does (network_if:0) not work here?
 
pass in on $ext_if inet6 to ($ext_if:0) port https
 
Which will handle changes to the address on the interface?
 
Do you have an example (minus your real address) of what you are looking for?
 
Cheers,
 
Jason.

Reply via email to