Fw4 MAC address matching

I want to expose some device in LAN with public IPv6, to the internet, and since WAN->LAN is rejected by default, I think I probably need to add some exempt rule, and since my IPv6 PD is dynamic, I opt to use MAC address, where if the destination MAC address matches my device, the WAN->LAN connections should be allowed

But it seems fw4 only allows matching source MAC address? Exposing LAN devices should a pretty popular use case, I guess there must be some others way to achieve that? Would appreciate if someone could shed some light.

You can match on the hostid of the IPv6 address if the prefix changes.


Beyond that, set up an IPv6 DDNS dæmon on the host you want to expose.

I didn't know it's possible to match only the hostid part. That should do it, thanks.

Thanks for the suggestion, I was about to ask that. My device doesn't support the DDNS service I use, but OpenWRT DDNS client does, and centralizing my DDNS would also be nice. I wonder if there is an easy way like the hostid matching trick to directly upload my device's IPv6 with OpenWRT's DDNS client?

I'm not aware of anything pre-made to take care of that, it would probably require original development. Starting a DDNS update service on the exposed host is typically the easiest way out of this issue (but obviously not the only one).

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.