The pfSense Store

Author Topic: Disable ipv6 for some LAN clients  (Read 191 times)

0 Members and 1 Guest are viewing this topic.

Offline trumee

  • Jr. Member
  • **
  • Posts: 88
  • Karma: +1/-0
    • View Profile
Disable ipv6 for some LAN clients
« on: January 01, 2018, 03:48:22 pm »
Hello,

It is possible to deny DHCP ipv6 address to some LAN clients?

Thanks

Offline Napsterbater

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +3/-0
    • View Profile
Re: Disable ipv6 for some LAN clients
« Reply #1 on: January 01, 2018, 03:54:13 pm »
Hello,

It is possible to deny DHCP ipv6 address to some LAN clients?

Thanks

No

And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.

Offline hda

  • Sr. Member
  • ****
  • Posts: 595
  • Karma: +32/-4
    • View Profile
Re: Disable ipv6 for some LAN clients
« Reply #2 on: January 01, 2018, 07:22:59 pm »
And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.
...and not succeed to obtain an address. Did you test this explicitly ?

Offline Napsterbater

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +3/-0
    • View Profile
Re: Disable ipv6 for some LAN clients
« Reply #3 on: January 01, 2018, 08:37:27 pm »
And keep in mind it wouldn't stop SLAAC, even if RA is set to "Managed" some clients will still SLAAC.
...and not succeed to obtain an address. Did you test this explicitly ?

Didn't say it was right, only that some (very few) have done it. Been awhile since I saw it, think it was Android, or just a subset of them. It was a while ago.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14767
  • Karma: +1372/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Disable ipv6 for some LAN clients
« Reply #4 on: January 02, 2018, 05:02:37 am »
If your wanting to use ipv6 for some clients and not others you have 2 ways to go about it if you ask me..

1) Complete static do not run RA, do not run dhcpipv6.. Any clients that want to use ipv6 will have to be setup static ipv6 to be able to talk to pfsense, and get outbound on it, etc.  This allows you to easy firewall and only allow specific IPs that you set on clients.  Your going to want to turn off privacy ipv6 on the client as well or they will just use some random ipv6 in the prefix you setup as their outgoing source IPv6..

2) You can setup RA and or dhcpv6, etc..  But disable ipv6 on the client completely..  This might not be available on some clients, refer to option 1

I use option 1... It allows me to use ipv6 on the devices I want to use ipv6 on while not have to worry about it on other devices..  Actually sort of a hybrid of 1 and 2 - since I also disable ipv6 on any device I can that I am not going to be using it on..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)