IPv6 Firewall - Protecting specific hosts

I’m just starting to play with IPv6, so this may be me misunderstanding things.

In the IPv6 firewall I have added rules based on source and destination network addresses, but I also want to have very specific rules for particular hosts, i.e. to make them globally visible whilst protecting the rest of the network, however I’m only allowed to enter a network address. Does this mean I have to create a subnet somewhere between my allocation subnet and /127 to create a DMZ network? This would work in theory, but seems a little clunky after being familiar with entering specific host addresses in IPv4.

Surely I should be able to enter a host address in the firewall which is a member of whatever size subnet I want.

Regards


Chris Macneill

After some further investigation it would appear you are allowed to add host addresses to filters in the Src/Dst Address Lists under the Advanced tab (using WinBox). However, this still means that there is a difference in functionality between the IPv4 and IPv6 Firewalls in RouterOS. The IPv4 firewall allows network or host addresses to be entered into the Src/Dst Address fields in the General tab and the lists in the Advanced tab. For consistency it would be useful if both the IPv4 and IPv6 Firewalls behaved in the same way.

Regards

Chris Macneill