FS#2031 - fw3, IPv6: create rules with hostnames instead of dest_ip #5986

Closed
openwrt-bot opened this issue Dec 27, 2018 · 0 comments
@openwrt-bot
dllud:

Currently, opening a port on fw3 to allow a local server to be reached from the Internet via IPv6 requires the hardcoding of the destination IPv6 address in the dest_ip option. Here's the example on the [fw3 IPv6 Configuration Examples](https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_ipv6_examples) wiki page:

```
config rule
	option src wan
	option proto tcp
	option dest lan
	option dest_ip 2001:db8:42::1337
	option dest_port 80
	option family ipv6
	option target ACCEPT
```

Having a hardcoded IPv6 address becomes troublesome when the public IPv6 prefix changes. This can happen regularly with some ISPs, forcing users to edit the rule.

It would be much more helpful if one could specify a destination hostname instead of an IP address. fw3 would then have to check the current leases and translate the hostname.

A hardcoded IP address in the firewall rules was no issue with IPv4, since in most scenarios all destination addresses were local and could be statically attributed in /etc/config/dhcp. IPv6 public prefix delegation changes this and IMO requires more flexible rules on fw3.

This feature request follows the [How to set up OpenWrt traffic rule for port forwarding IPv6 server on my LAN?](https://superuser.com/questions/1090691/how-to-set-up-openwrt-traffic-rule-for-port-forwarding-ipv6-server-on-my-lan) question on SuperUser by James Johnston.
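
The hostname-to-address translation the request describes, as an added example (not fw3 code and not part of the original issue). It assumes the current leases are readable in hosts format; `resolve_v6`, `render_rule`, the `webserver` name and the second prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not fw3 code): derive the rule's dest_ip from a hostname.
# Assumption: current leases are available in hosts format,
# "address name [alias...]"; file and helper names are hypothetical.

# resolve_v6 NAME FILE: print the first IPv6 address for NAME, skipping
# link-local (fe80) and ULA (fc/fd) entries, which WAN hosts cannot reach.
resolve_v6() {
    awk -v name="$1" '
        /^[ \t]*#/ { next }
        $1 ~ /:/ && tolower($1) !~ /^(fe80|f[cd])/ {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$2"
}

# render_rule NAME PORT FILE: print the wiki rule with dest_ip filled in.
# Fails without output when NAME has no usable address, so no rule is emitted.
render_rule() {
    addr=$(resolve_v6 "$1" "$3") || return 1
    cat <<EOF
config rule
    option src wan
    option proto tcp
    option dest lan
    option dest_ip $addr
    option dest_port $2
    option family ipv6
    option target ACCEPT
EOF
}

# Constructed lease snapshots: the same host before and after the ISP
# changes the delegated prefix (documentation prefixes, not real data).
tmp=$(mktemp -d)
printf '%s\n' 'fe80::1337 webserver' '2001:db8:42::1337 webserver' > "$tmp/before"
printf '%s\n' 'fe80::1337 webserver' '2001:db8:99::1337 webserver' > "$tmp/after"

render_rule webserver 80 "$tmp/before"
render_rule webserver 80 "$tmp/after"    # dest_ip follows the new prefix
render_rule printer 80 "$tmp/after" || echo "no address for printer; rule skipped"
rm -rf "$tmp"
```

Lease hostnames are supplied by the client, so a rule keyed on a name opens the port to whichever LAN host currently holds that name.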
