networking

Here's my story of trying to use IPV6 for the past 3 days, and I know I'm not a typical user.

I use Opnsense as a router firewall. Using IPv4, 5/6 VLANs, almost all devices statically addressed with alias's configured for each. This lets me have firewall rules like "block youtube on the kids devices", or "use a different DNS server for the wife", only allow the fire stick to access the internet after 7am. That sort of thing.

First problem is working out how to even get IPv6 on the WAN and what it even means that my ISP has given me a /48 and a /64. Loads of reading and some cobbling together later I have it. But no clients are getting addresses. Eventually fix that and now they have an address. But I don't want to use SLAAC as that's a nightmware to keep track of, DHCPv6 doesn't work for android devices so they'll be on IPv4 anyway. I don't want each client to have a globally unique address as that just allows insane tracking. I don't know if my IPv6 address will ever change, but it seems likley it will and that would be a nightmare to fix. I manage to get private fd00/8 addresses allocated to clients, but I don't know how to configure IPv6 NAT so devices have an IPv6 IP, but can't access through the WAN using it. And by that point I just don't see the point any more. I'd just be duplicating all my rules that would be far too time consuming, confusing and I don't see the point.

I want local private IP addresses. I don't want clients to have unique IPs. I want the addresses to be known and static. I want my firewall rules to be tied to specific addresses for 90%+ of devices.