"Sonic" [email protected] – 30 June 2026 at 12:38 pm
> On Mon, Jun 29, 2026 at 6:47 PM Jason Tubnor <[email protected]> wrote:
> > Does (network_if:0) not work here?
> No, it doesn't allow pass/block/etc. rules applied to hosts.
> Whereas with xxxx:xxxx:xxxx:xxxx:zzzz:zzzz:zzzz:zzzz a way to match on
> the "z" part, the IID, alone, without regard to the "x" part, the
> prefix, would allow for stable pf rules even when the ISP changes the
> prefix.
> 
 
While I object to ISPs playing IPv4 games with IPv6 and not provide sticky GUA 
subnets, I think your only option here is ULA (fc00::/7) and do NAT based on 
service. I can't see how PF could be coded to pass on host suffix alone.
 
Cheers.

Reply via email to