One of my server is behind my router and needs a port open for SSH.
Following wiki page " IPv6 firewall examples" I came up with the rule below
config rule option src 'wan' option proto 'tcp' option dest 'lan' option dest_port '30000' option family 'ipv6' option target 'ACCEPT'
With "dest 'lan'" now every LAN device has port 30000 open to Internet, not just my server.
I know the ideal case is I also setup firewall on every computer on LAN, and only allow port 30000 on server. (Which I will do)
But I wonder if it's possible to limit this rule to my server somehow? (e.g. only lan port 2)
dest 'lan2' and
dest 'lan2@eth0' but these didn't work, and IPv6 address probably changes every few days so I don't think
dest_ip would work.
My router (Linksys E8450) currectly runs
OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-23.069.50944-cd8bea9, I set it up yesterday so it should be up to date.