"Sonic" [email protected] – 29 June 2026 at 11:36 pm
> Is it possible to write pf pass/block rules that match the ipv6
> interface ID and ignore the prefix (a wildcard prefix if that makes
> sense)?
> As my ISP's assigned prefix is not static/stable, and my systems
> always create the same IID when using SLAAC, it would really be
> helpful to have this feature for ipv6 firewalling.
Does (network_if:0) not work here?
pass in on $ext_if inet6 to ($ext_if:0) port https
Which will handle changes to the address on the interface?
Do you have an example (minus your real address) of what you are looking for?
Cheers,
Jason.