
Topic: IPv6 firewall rule dynamic IP


pox
Re: IPv6 firewall rule dynamic IP
« Reply #30 on: September 13, 2017, 04:55:27 am »
Basically, suppose you have a torrent-downloader running and it's also listening on IPv6.

Using IPv6 prefix delegation, I'm getting a public IPv6 address on my PC. Fine :) Outgoing connectivity works great.

How do I enable 1 port to be opened toward my IPv6 address inside my network? I can just add a rule in the firewall, that works... until the provider gives me another IPv6 address.

Is there a way to dynamically track this?

This is an old thread, but for my own sake I write here how I did it:

The torrent server uses privacy addresses, so they change regularly.
I made a cron job on the torrent server that does
Code:
ip addr show dev eth0|grep inet6 |grep global|awk '{print $2}'|awk 'BEGIN { FS = "/" }; {print $1}' >/var/www/html/WNMpyVH7t9V08MCvF91zSBuGNvsJaawW1JTq6tQl6Z0A7ohwHsGv9Z05vYTOqQ5Oyp.txt
This saves all IPv6 addresses currently in use by the torrent server.
Then on pfSense I created a URL alias, fetching that file from the torrent server periodically.
Then I created a firewall rule to allow access to that alias on the torrent ports.
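
A variant of the cron job described in the post above, as an added example that is not part of the original post: it skips addresses that are tentative, deprecated or failed duplicate address detection, and it replaces the published file atomically so the URL alias never fetches a partial or empty list. The interface name, the output path (a placeholder file name) and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. IFACE, OUT and the --run
# argument are assumptions; OUT uses a placeholder file name.
IFACE="${IFACE:-eth0}"
OUT="${OUT:-/var/www/html/EXAMPLE-ALIAS-FILE.txt}"

# Read `ip -6 -o addr show` output on stdin and print each usable global
# address once. Tentative and DAD-failed addresses are not usable yet;
# deprecated ones are dropped here by choice, to keep the rule narrow.
extract_global_v6() {
    awk '
        / (tentative|deprecated|dadfailed)( |$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "inet6" && $(i + 2) == "scope" && $(i + 3) == "global") {
                    split($(i + 1), a, "/")   # strip the /prefixlen
                    print a[1]
                }
        }
    ' | LC_ALL=C sort -u
}

# Write the list (read from stdin) to a temp file next to the target and
# rename it into place, so a fetch never sees a half-written file.
# An empty result leaves the previously published file untouched.
publish_list() {
    out=$1
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if extract_global_v6 > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Cron entry point: call the script with --run.
if [ "${1:-}" = "--run" ]; then
    ip -6 -o addr show dev "$IFACE" scope global | publish_list "$OUT"
fi
```

Keeping the previous file when the result is empty means the alias keeps its last known addresses during a brief loss of connectivity instead of being emptied.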