I have /64 prefixes carved out of a /56. I have configured four prefixes in IPv6/Addresses for the VLANs and the WG server:
2a00:1234:123:b00::1/64 VLAN10
2a00:1234:123:b01::1/64 VLAN20
2a00:1234:123:b02::1/64 VLAN30
2a00:1234:123:b03::1/64 wg
I have some hosts in VLANs 10, 20 and in WG server statically configured for IPv6, that works. Now, for VLAN30 I’d like to enable ND and configure all hosts in this VLAN dynamically:
Interface: vlan30
RA Interval: 200-600
RA Delay: 3
RA Preference: medium
RA Lifetime: 1800
Hop Limit: 64
Advertise MAC Address enabled
Advertise DNS enabled.
Unfortunately, because of the prefixes configured in Addresses, it automatically created dynamic prefixes that I can’t remove. Because of this, if I enable the ND interface, it deploys IPv6 addresses in all of VLANs 10, 20 and 30, which is not what I want. I’ve added some IPv6 firewall rules:
add action=drop chain=forward dst-address=ff02::1/128 icmp-options=134:0-255 in-interface-list="VLANs with no ND" protocol=icmpv6 src-address=::/0
add action=drop chain=forward dst-address=ff02::1:ff00:0/104 icmp-options=135:0-255 in-interface-list="VLANs with no ND" protocol=icmpv6 src-address=::/0
add action=drop chain=forward dst-address=ff02::1:ff00:0/104 icmp-options=136:0-255 in-interface-list="VLANs with no ND" protocol=icmpv6 src-address=::/0
VLANs with no ND are all VLAN interfaces except vlan30. How can I make this work for a single VLAN only?