The pfSense Store

Author Topic: Selectively block IPv6  (Read 175 times)

0 Members and 1 Guest are viewing this topic.

Offline andyring

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Selectively block IPv6
« on: November 10, 2017, 10:15:23 am »
I saw a similar question posed in the forums but it's not quite what I'm after.

I've got a pretty typical pfsense 2.4.1 setup running just fine at home, including IPv6 from my ISP.

First and foremost, I DO NOT want to get rid of IPv6 as a whole.

But, I have a 12-year-old with an iPod.

I use OpenDNS for content filtering and it works pretty well, with the exception of IPv6. OpenDNS does not do any filtering on IPv6 and they openly admit it.

On iOS devices, it is not possible to disable IPv6. If it were, that would be the easy/obvious solution. However Apple provides no way to disable IPv6 on the device.

Therefore, I am hoping a way exists within pfsense to, for instance, NOT hand out an IPv6 address to specific MAC addresses. Or maybe give the device a deliberately invalid address. Something, anything, to block IPv6 for specific clients.

I don't want it blocked for my whole network.

Any ideas?


Thanks in advance!


-Andy

Offline mloiterman

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +1/-0
    • View Profile
Re: Selectively block IPv6
« Reply #1 on: November 10, 2017, 08:10:52 pm »
I'm interested in knowing how to selectively block IPV6 too.
« Last Edit: November 10, 2017, 09:15:52 pm by mloiterman »

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 357
  • Karma: +26/-0
    • View Profile
Re: Selectively block IPv6
« Reply #2 on: November 11, 2017, 04:01:37 am »
The only way I can think of doing it would be to create a new SSID for him and don't enable IPv6 on the subnet, you could also schedule the SSID to only work between certain hours.

But it's not the answer you want.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 396
  • Karma: +42/-2
    • View Profile
Re: Selectively block IPv6
« Reply #3 on: November 11, 2017, 12:39:28 pm »
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet...

Worth a try...
pfSense 2.4.3 on Qotom Q335G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 545
  • Karma: +73/-4
    • View Profile
Re: Selectively block IPv6
« Reply #4 on: November 13, 2017, 09:28:37 pm »
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet...

Worth a try...
This is probably the best solution... and should work as long as the prefix from your ISP doesn't change.

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 396
  • Karma: +42/-2
    • View Profile
Re: Selectively block IPv6
« Reply #5 on: November 14, 2017, 12:50:40 am »
You might be able to get away with trying managed only on dhcpv6, set up a static assignment for his device, then add a firewall rule to block that address from the internet...

Worth a try...
This is probably the best solution... and should work as long as the prefix from your ISP doesn't change.

One slight issue, pretty sure some or all Android devices won't play though as they rely on on SLAC, but that's not a showstopper, they will still run on v4.
pfSense 2.4.3 on Qotom Q335G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.