Comment on IPv6 for self hosters
CompactFlax@discuss.tchncs.de 1 week ago
I still haven’t figured out how to make a firewall rule with SLAAC on pfSense, with an ISP that hands out addresses at random. It’s my understanding that SLAAC is the “right” way to do things, not DHCP and reservations.
Granted, it’s been a minute since I tried so I don’t remember the issues, but as I recall, when the IPv6 prefix changes, the device gets a new IP (and it seems not just the prefix part). I can get the firewall to register IPs into DNS and use a DNS-based firewall rule, but unbound restarts and blows out its cache when a device joins the network. And there’s another part to it but it’s all gone fuzzy.
possiblylinux127@lemmy.zip 1 week ago
You probably need private addressing
SLAAC shouldn’t be used with static IPs
Markaos@discuss.tchncs.de 1 week ago
The “correct” way to handle “static” addresses with dynamic prefix is using tokenized network interfaces (which is pretty much just the lower 64 bits of the IPv6 address). That will then be used for SLAAC in addition to the randomly generated address. The support for dynamic prefixes in firewalls on Linux and Mikrotik is however still pretty dire (obviously, as it’s not an enterprise feature). No clue about BSDs/pfSense
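The tokenized-address idea from the last comment, as an added example that is not part of the thread: a fixed token (lower 64 bits) is combined with whatever /64 the ISP currently delegates, so a firewall allowlist can be rebuilt on each prefix change, or hosts can be matched on the token alone. The host names, tokens and the 2001:db8::/32 documentation prefixes are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # lower 64 bits = interface identifier (the "token")


def tokenized_address(prefix: str, token: str) -> ipaddress.IPv6Address:
    """Combine the currently delegated /64 with a fixed interface token."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    tok = int(ipaddress.IPv6Address(token))
    if tok >> 64:
        raise ValueError("token may only set the lower 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | tok)


def matches_token(addr: str, token: str) -> bool:
    """Prefix-independent match: compare only the lower 64 bits."""
    low = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return low == int(ipaddress.IPv6Address(token))


def rebuild_allowlist(prefix: str, tokens: dict) -> dict:
    """Recompute every host's stable address after a prefix change."""
    return {host: str(tokenized_address(prefix, t)) for host, t in tokens.items()}


# Constructed sample data: two hosts with fixed tokens, two successive prefixes.
TOKENS = {"nas": "::10", "web": "::443"}
OLD_PREFIX = "2001:db8:aaaa:1::/64"
NEW_PREFIX = "2001:db8:bbbb:7::/64"

if __name__ == "__main__":
    for prefix in (OLD_PREFIX, NEW_PREFIX):
        print(prefix, rebuild_allowlist(prefix, TOKENS))
    # A randomly generated (privacy) address on the same link does not match.
    print(matches_token("2001:db8:bbbb:7:a1b2:c3d4:e5f6:789", "::10"))
```

The token part of each address stays the same across both prefixes, while the randomly generated address on the same interface is not matched.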