MSGID: <10k9f75$dhhr$1@dont-email.me> 14fe7b89
REPLY:  800c7e76
PID: PyGate 1.5.2
TID: PyGate/Linux 1.5.2
CHRS: ASCII 1
TZUTC: 0000
REPLYADDR Pancho.Jones@protonmail.com
REPLYTO 3:633/10 UUCP
On 1/14/26 17:49, Anssi Saari wrote:
> Pancho  writes:
> 
>> On 12/30/25 20:00, David Higton wrote:
>>> In message <10iv40e$1e1ba$1@dont-email.me>
>>>             Pancho  wrote:
>>>
>>>> IPv6 seems like a world of pain.
>>> In my experience it just works.
>>>
>>
>> I'm surprised. Accepting that you do not do some of the things I do,
>> like policy routing rules based upon a host computer IP...
> 
> I actually do that. I route my IPTV boxes out via an alternate interface
> due to some stupid contractual issues. So all I did was add routing
> rules with ip -6 rule add from $addr table Magic and all the Magic table
> has is a defaultroute out via the other interface. Same as IPv4. But
> maybe your policy routing is something different?
> 
> For sure this would be a problem if the IPv6 addresses were changing all
> the time but they haven't.

Yes, that is the kind of thing but.. there was a bug in the pfSense 
firewall rules. pfSense is a freeBSD firewall/router.

The bug was that pfSense allows you to predicate firewall rules on an 
"alias", which can be a list of Full Qualified Domain Names. Something 
like if the source host FQDN is in this alias, route over this gateway 
to the WAN. The FQDNs resolve to an IPv4 and IPv6 addresses and then 
checks the IP value in a packet and routes accordingly. This works fine 
for a WAN FQDN, like e.g. www.google.com, it includes both IPv4 and IPv6 
addresses. However, for hosts on my LAN, e.g. myhost.home.arpa if there 
was an IPv4 address it gave only IPv4 and ignored the IPv6 one. I can 
work around it by creating an extra FQDN for IPv6 e.g. 
myhost.ipv6.home.arpa, but it takes time to understand why things don't 
work.

Then there is the issue of the extra random IPv6 addresses it was 
creating, which aren't included in DNS, in the FQDN at all.

That is the second IPv6 bug in pfSense, after the MTU/packet 
fragmentation bug I mentioned earlier, which I'm still trying to get to 
the bottom of.

IPv6 seems surprisingly hard. Surprising if a significant proportion of 
people are using it.


--- PyGate Linux v1.5.2
 * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 112 134 200 206 275 300 317 400 426
SEEN-BY: 229/428 470 616 664 700 705 266/512 291/111 292/854 320/219
SEEN-BY: 322/757 342/200 396/45 460/58 633/10 280 414 418 420 422
SEEN-BY: 633/509 2744 712/848 770/1 902/26 2320/105 5020/400 5075/35
PATH: 633/10 280 229/426