Netgate Discussion Forum

Dynamic source filter changes

    Journer
    last edited by Oct 13, 2017, 10:51 AM

    I have my domain DNS hosted by Cloudflare and use it for proxying https requests and of course other security benefits they offer.  I also have IPSec set up for my phone and laptop when on the road.

    I want to restrict the source of my IPSec port forward rule to only allow the IP of my mobile phone or laptop (when away from home).  However, the IP address is dynamic, especially given I'm connected to random hotspots all the time.

    My idea was to use Dynamic DNS on the phone itself.  However, I'd like to avoid exposing the IP to public DNS if possible.

    I'm thinking of running an internal dyndns solution that can be updated via https (which is proxied by Cloudflare) and of course some authentication.  When the phone pushes an update, the internal dyndns would update Unbound.  The firewall rule is tied to the DNS entry, thus allowing me to IPSec from the new IP.

    Obviously there are some security concerns around my internal DNS getting pwned; trying to think how I could limit updates to a specific hostname.

    Curious what others think of this idea.  Might be better security-wise to just push the IP to public DNS…
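
One way to limit updates to a specific hostname, as an added example that is not part of the original post: each device key is pinned to exactly one name, so a stolen key can only move that one record. The device names, keys, hostname, TTL and replay window are constructed, and the caller is assumed to pass the client IP as seen by the HTTPS front end.

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed sample data: one HMAC key per device, pinned to one hostname.
DEVICE_KEYS = {
    "phone": (b"constructed-demo-key-phone", "phone.vpn.example.internal"),
}
MAX_SKEW = 300  # assumed replay window in seconds


def sign(key, device, hostname, ts):
    """Client side: HMAC-SHA256 over the fields the server will check."""
    msg = f"{device}|{hostname}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def validate_update(device, hostname, ts, sig, client_ip, now=None):
    """Return unbound-control argument lists for a valid update.

    Raises ValueError for anything that must not reach the resolver.
    """
    now = time.time() if now is None else now
    if device not in DEVICE_KEYS:
        raise ValueError("unknown device")
    key, pinned = DEVICE_KEYS[device]
    # Authenticate first, with a constant-time comparison.
    if not hmac.compare_digest(sign(key, device, hostname, ts), sig):
        raise ValueError("bad signature")
    if abs(now - ts) > MAX_SKEW:
        raise ValueError("stale or replayed update")
    # A valid key may only ever touch its own record.
    if hostname != pinned:
        raise ValueError("hostname not allowed for this device")
    addr = ipaddress.ip_address(client_ip)  # ValueError on garbage
    if not addr.is_global:
        raise ValueError("refusing non-public address")
    rtype = "A" if addr.version == 4 else "AAAA"
    # Built as argument lists so nothing is interpreted by a shell.
    return [
        ["unbound-control", "local_data_remove", hostname],
        ["unbound-control", "local_data", f"{hostname}.", "60", "IN", rtype, str(addr)],
    ]
```

Running the update service as an account that can do nothing except issue these two `unbound-control` commands keeps a compromise of the web-facing part from turning into control of the whole resolver.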
