One of my servers is behind my router and needs a port open for SSH.
Following the wiki page "IPv6 firewall examples", I came up with the rule below:
config rule
	option src 'wan'
	option proto 'tcp'
	option dest 'lan'
	option dest_port '30000'
	option family 'ipv6'
	option target 'ACCEPT'
With "dest 'lan'", every LAN device now has port 30000 open to the Internet, not just my server.
I know the ideal case is that I also set up a firewall on every computer on the LAN and only allow port 30000 on the server (which I will do).
But I wonder if it's possible to limit this rule to my server somehow? (e.g. only lan port 2)
I've tried dest 'lan2' and dest 'lan2@eth0', but these didn't work, and the IPv6 address probably changes every few days, so I don't think dest_ip would work.
My router (Linksys E8450) currently runs OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-23.069.50944-cd8bea9. I set it up yesterday, so it should be up to date.
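
An added illustration, not part of the original post and not OpenWrt code: a small Python model of the three destination selections discussed above (zone only, exact address, host part only), checked before and after a prefix change. The rule dictionaries, the hypothetical `dest_iid` key and the sample addresses are constructed for the example, and it assumes the server keeps a stable interface identifier when the delegated prefix changes.

```python
import ipaddress

# Low 64 bits of an IPv6 address: the interface identifier (host part).
IID_MASK = (1 << 64) - 1

def iid(addr):
    """Return the interface identifier (low 64 bits) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK

def rule_allows(rule, dst, dport):
    """Model of an inbound ACCEPT rule: port first, then destination match."""
    if dport != rule["dest_port"]:
        return False
    if "dest_ip" in rule:        # exact address: breaks when the prefix changes
        return ipaddress.IPv6Address(dst) == ipaddress.IPv6Address(rule["dest_ip"])
    if "dest_iid" in rule:       # hypothetical key: compare the host part only
        return iid(dst) == iid(rule["dest_iid"])
    return True                  # zone-only rule: every LAN host matches

def exposed(rule, hosts, dport=30000):
    """Names of the hosts that the rule lets traffic reach on dport."""
    return sorted(n for n, a in hosts.items() if rule_allows(rule, a, dport))

# Constructed sample hosts in the 2001:db8::/32 documentation range,
# before and after the ISP hands out a new prefix.
OLD_PREFIX = {"server": "2001:db8:1:10:211:22ff:fe33:4455",
              "laptop": "2001:db8:1:10:a8bb:ccff:fedd:eeff"}
NEW_PREFIX = {"server": "2001:db8:9:10:211:22ff:fe33:4455",
              "laptop": "2001:db8:9:10:a8bb:ccff:fedd:eeff"}

ZONE_ONLY = {"dest_port": 30000}
EXACT = {"dest_port": 30000, "dest_ip": OLD_PREFIX["server"]}
SUFFIX = {"dest_port": 30000, "dest_iid": "::211:22ff:fe33:4455"}

if __name__ == "__main__":
    for label, rule in (("zone only", ZONE_ONLY), ("exact", EXACT),
                        ("host part", SUFFIX)):
        print(f"{label:10} old prefix: {exposed(rule, OLD_PREFIX)}"
              f"  new prefix: {exposed(rule, NEW_PREFIX)}")
```

OpenWrt's firewall accepts a negative prefix length in `dest_ip` (for example `::211:22ff:fe33:4455/-64`) to express the host-part match modelled here.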