I would like to allow inbound IPv6 traffic on ports 80/443 for a globally routable web server on my home network. What's the best way to do this with OpenWrt, which by default blocks incoming IPv6 traffic (as a good firewall should)?
My ISP (Comcast) assigns me a /60 prefix for delegation via DHCPv6. It sometimes changes. The web server (Ubuntu) gets a global IPv6 address via SLAAC from the OpenWrt router.
As per https://wiki.openwrt.org/doc/uci/firewall#port_accept_for_ipv6 you can set up a traffic rule to allow this kind of traffic:
To open port 80 so that a local webserver at 2001:db8:42::1337 can be reached from the Internet:
    config rule
        option src wan
        option proto tcp
        option dest lan
        option dest_ip 2001:db8:42::1337
        option dest_port 80
        option family ipv6
        option target ACCEPT
Easy enough, except.... the destination IP is hard-coded!
How might one set up this type of rule when the destination IP is potentially changing? (due to changes in the delegated prefix from my ISP). Presumably, it has to be updated periodically.... Has anyone attempted this and if so, what works well / doesn't work well?
For this answer to be useful, you should at least try and explain what the script does. "Read it yourself" answers are not very useful on a Q&A site, and they are surely frowned upon on StackExchange. – MariusMatutiae – 2016-07-28T11:47:44.083
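One way to regenerate the rule from the question when the delegated prefix changes, as an added example (not code from the original post or the OpenWrt wiki): it rebuilds the server's address from the current prefix and emits the same rule for ports 80 and 443. Assumptions: the function names, the LAN subnet index, and that the server keeps the same interface identifier (low 64 bits) across prefix changes, which holds for EUI-64 or a fixed token but not for privacy or stable-privacy (RFC 7217) addresses.

```python
import ipaddress

def lan_address(delegated, subnet_index, iid):
    """Rebuild the server's global address from the current delegated prefix.

    delegated    -- prefix from the ISP, e.g. a /60 (constructed sample below)
    subnet_index -- which /64 inside it serves the LAN (assumption)
    iid          -- the server's interface identifier, written as '::<low 64 bits>'
    """
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if pd.prefixlen > 64:
        raise ValueError("SLAAC needs a /64; delegated prefix is too long")
    if not 0 <= subnet_index < (1 << (64 - pd.prefixlen)):
        raise ValueError("subnet index outside the delegated prefix")
    host = int(ipaddress.IPv6Address(iid))
    if host >> 64:
        raise ValueError("interface identifier must fit in the low 64 bits")
    return ipaddress.IPv6Address(
        int(pd.network_address) + (subnet_index << 64) + host)

def render_rules(dest_ip, ports=(80, 443)):
    """Emit one UCI rule per port, using the same options as the rule in the question."""
    stanzas = []
    for port in ports:
        stanzas.append("\n".join([
            "config rule",
            "\toption src wan",
            "\toption proto tcp",
            "\toption dest lan",
            f"\toption dest_ip {dest_ip}",
            f"\toption dest_port {port}",
            "\toption family ipv6",
            "\toption target ACCEPT",
        ]))
    return "\n\n".join(stanzas) + "\n"

def needs_update(rule_ip, delegated, subnet_index, iid):
    """True when the address in the existing rule no longer matches the prefix."""
    return ipaddress.IPv6Address(rule_ip) != lan_address(delegated, subnet_index, iid)

if __name__ == "__main__":
    # Constructed sample values from the documentation prefix 2001:db8::/32.
    old = lan_address("2001:db8:42:10::/60", 3, "::211:22ff:fe33:4455")
    new_pd = "2001:db8:99:a0::/60"
    if needs_update(str(old), new_pd, 3, "::211:22ff:fe33:4455"):
        print(render_rules(lan_address(new_pd, 3, "::211:22ff:fe33:4455")))
```

The emitted stanzas replace the old rule in /etc/config/firewall on the router, followed by a firewall reload; the old address should be removed at the same time so that no stale ACCEPT rule is left pointing at a prefix the ISP may hand to someone else.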