Hi everyone, is there a way with to identify and filter automatically generated, MAC-based IPv6 addresses in pf? I think there was some bit set or flipped in the MAC-based or the RFC 4941 privacy extensions based addresses. But I then still had to match an address based on a single bit (and the networks prefix, of course). Are bitwise matches even possible with pf?
The usecase, of course, is to prevent devices too stupid or too poorly configured to use the privacy extensions to access anything outside the LAN via IPv6. Kind regards, Florian
