Carlos E. R. wrote:
One comes from 2a02:..., which is my prefix. The one that changes, so I can not write that in the firewall rules. [snip] Well, it is a nighmare to find out what machine in the network has a certain IPv6 address. Because it is not only one, it is a bunch of them! And they change! In my case, both the prefix and the suffix.
Admittedly I don't have this issue, so I don't know how well this might work: - monitor the ipv6 lease file, in /var/lib/NetworkManager - when it changes, check the prefix and if necessary reload your firewall with the new prefix. (I'll post a better example in a minute).
I do not see how to allow them in the firewall. Or silence them (just them).
Just a rule to permit port 5353, src and dst. Or just a rule to drop port 5353, src and dst. -- Per Jessen, Zürich (17.2°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes