Traffic rule with domain name


Can I create a traffic rule where I specify the source IP with domain name?
I would like to limit the VPN access to our summer cottage so it only accept the IP from my home. My home router uses DDNS.


This requires to periodically re-resolve your domain name and update firewall rules accordingly.
It doesn't look to be simple and reliable to implement, and I don't think it's worth the effort.
Depending on your VPN type, it's better to utilize some other ways for security hardening.


I use this script and run it as a cronjob.


dnsIP=$(nslookup <> | grep 'Address 1' | awk '{print $NF}')
fwIP=$(uci get firewall.ovpn.src_ip)

if [ $fwIP != $dnsIP ]
	uci set firewall.ovpn.src_ip=$dnsIP
	uci commit firewall.ovpn.src_ip
	logger -t ovpnFW OpenVPN firewall src_ip change $fwIP -> $dnsIP
	logger -t ovpnFW OpenVPN firewall src_ip $fwIP

Note that you risk losing access if your DDNS provider stops working one day.
I think it's better to use tls-crypt and restrict user and group dropping the service privileges.

I will use tls as well.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.