Generate netfilter rule for specified PC with ipv6 addresses automatically?

Hey, guys! I have a problem here. I want to expose one of my PCs to the internet, but the GUAs generated with the prefix (which comes from IPv6-PD) change over time. If I add traffic rules to the firewall manually, I have to modify the "Destination address" every time the GUAs change. Is there any way to get this to be done automatically?

If you assign a static DHCPv6 lease for the host, you can then configure the firewall rule to only match on the hostid portion, therefore a changing prefix won't alter the rule's logic. See:

Thanks, it works for a static lease GUA! But what about the Temporary GUA used in Windows?

How does the external request get initiated? Can you have external access advertised/published only with the “semi-static” IP?

Sorry, my English is poor, I don't understand what you mean.
One of my purposes is to let other peers connect to my uTorrent client.
I just wonder, is it possible to do it without disabling the "Privacy Extension" function in Windows?

I found a similar thread here: https://forum.openwrt.org/t/firewall4-nftables-rules-for-android-ipv6-clients/128295

Writing rules based on device MAC is your only option.

One just can't rely on filtering by IPv6 address in your average home network. Prefix changes by ISP, privacy IPv6 by default in all major OSes, inability to use DHCPv6 because of Android policy.

And, to be honest, that's OK, filtering by MAC works just fine.

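The host ID matching discussed in this thread, as an added example that was not posted by any participant: it masks off the delegated prefix, compares only the low 64 bits, and shows that the static lease still matches after a prefix change while a privacy (temporary) address does not. The host ID `::1234` and the `2001:db8:` addresses are constructed sample values, and the printed nftables expression assumes the rule is written for nftables directly.

```python
import ipaddress

# Low 64 bits = interface identifier (host ID); high 64 bits = delegated prefix.
HOST_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))


def host_id(addr: str) -> ipaddress.IPv6Address:
    """Return the address with the prefix bits zeroed (the host ID part)."""
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address(addr)) & HOST_MASK)


def suffix_match(daddr: str, leased_host_id: str) -> bool:
    """Mimic a firewall match on the masked destination address."""
    return host_id(daddr) == ipaddress.IPv6Address(leased_host_id)


def nft_match(leased_host_id: str) -> str:
    """nftables expression for the same masked comparison."""
    hid = ipaddress.IPv6Address(leased_host_id)
    if int(hid) & ~HOST_MASK:
        raise ValueError("host ID must not contain prefix bits")
    return f"ip6 daddr & {ipaddress.IPv6Address(HOST_MASK)} == {hid}"


# Constructed sample data (documentation prefix 2001:db8::/32).
LEASED_HOST_ID = "::1234"  # assumed static DHCPv6 host ID
SAMPLES = {
    "lease, old prefix": "2001:db8:aaaa:1::1234",
    "lease, new prefix": "2001:db8:bbbb:7::1234",
    "temporary address": "2001:db8:bbbb:7:5c1e:9a07:3fd2:88b1",
}


def evaluate() -> dict:
    """Run the masked match over every sample destination address."""
    return {name: suffix_match(a, LEASED_HOST_ID) for name, a in SAMPLES.items()}


if __name__ == "__main__":
    print(nft_match(LEASED_HOST_ID))
    for name, hit in evaluate().items():
        print(f"{name:20} {'match' if hit else 'no match'}")
```
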