Carlos E. R. wrote:
On 2023-04-29 14:00, Per Jessen wrote:
Carlos E. R. wrote:
One comes from 2a02:..., which is my prefix. The one that changes, so I can not write that in the firewall rules. [snip] Well, it is a nighmare to find out what machine in the network has a certain IPv6 address. Because it is not only one, it is a bunch of them! And they change! In my case, both the prefix and the suffix.
Admittedly I don't have this issue, so I don't know how well this might work:
- monitor the ipv6 lease file, in /var/lib/NetworkManager
That machine is on wicked.
Oh dear. See my previous posting, only 2mins ago.
- when it changes, check the prefix and if necessary reload your firewall with the new prefix.
The packet I need to allow comes from another machine. The local lease file would not have it.
It doesn't matter - you get the _prefix_, then you alter your firewall to permit any and all traffic in that prefix. -- Per Jessen, Zürich (19.6°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes