We would like to use the router as firewall for our LAN network for IPv4 and IPv6.
We use recent rules to limit access to some ports.
It works good with IPv4 because we ban the source IP and it’s fine.
In the case of IPv6 the attacker can easily have access to a complet /64 subnet to do their attacks.
In this scenario ban the address is pointless.
We expect to be able to match source subnet instead of source address to limit new connections.
If the subnet size can be configurable it would be even better.