I'm looking for creative ways to address the following problem: I'm setting up IPv6 at home with dhcpv6-pd (Comcast residential). Nonetheless, I'd like to open the IPv6 firewall for a few services on my LAN. Say one of these services is HTTP. At the most basic level, I can always add a rule such as this to my WANv6_IN section:
rule 31 {
action accept
description "http to wind"
destination {
address 2601:647:4601:1752:xxxx:xxff:fexx:xxxx
port 80
}
log disable
protocol tcp
}The problem, obviously, is that in this context, the prefix (in this example 2601:647:4601:1752
is actually dynamic, per the dhcpv6-pd config above. In practice, I see it change on a fairly regular basis, every two to four weeks or so.
Can anyone think of an approach that would allow me to enter appropriate accept rules in my incoming IPv6 firewall, while being able to handle the dynamic nature of the destination address?
Thanks!