Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic source filter changes

    Firewalling
    1
    1
    227
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Journer
      last edited by

      I have my domain DNS hosted by cloudflare and use it for proxying https requests and of course other security benefits they offer.  I also have IPSec setup for my phone and laptop when on the road

      I want to restrict the source of my IPSec port forward rule to only allow the IP of my mobile phone or laptop (when away from home).  However, the IP address is dynamic, especially given I'm connected to random hotspots all the time.

      My idea was to use Dynamic DNS on the phone itself.  However, I'd like to avoid exposing the ip to public DNS if possible.

      I'm thinking of running an internal dyndns solution that can be updated via https (which is proxied by cloudflare) and of course some authentication.  When the phone pushes an update, the internal dyndns would update Unbound.  The firewall rule is tied to the dns entry, thus allowing me to IPSec from the new IP.

      Obviously there is some security concerns around my internal DNS getting pwned; trying to think how I could limit updates to a specific hostname

      Curious what others think of this idea.  Might be better security wise to just push the Ip to public dns…

      1 Reply Last reply Reply Quote 0
      • First post
        Last post