Thank you for this great tool. It's been my go-to for any new homelab deployment. I have a question regarding an issue I am facing lately.
I have some devices that run remotely on a dynamic IP, where in the event they lose power or reboot they get a new IP. There is a way I can link these devices to DDNS; however, I have no way to add a dynamic DNS name to the NethServer allow list, which only accepts CIDR, and that is the issue I am having.
Is there any way I can lock a port forwarding allow list to DDNS instead of IPs? It would be awesome if there is a way around this.
Thanks for this great community, and Happy Holidays!
Firewalls, like port forwarding, don't understand hostnames, only IPs.
Maybe some other firewall software allows you to do that, but it introduces at least the vulnerability of DNS poisoning. I don't know which firewall developer would do this.
One option you can use is site-to-site VPNs. These work quite well using either IPsec V2 or OpenVPN.
It can also work with WireGuard, but there's no GUI in NethServer for that.
And yes, all three can work with DynamicDNS names.
You'd be connected to all remote devices, and secure using VPN…
My 2 cents
Andy
PS:
Pike is right, firewalls work with IPs and Ports, not with DNS names.
There are certain firewall models from certain firewall vendors which allow the use of hostnames.
However, the preference should always be to use IP addresses by default from a security perspective, in order to prevent the obvious DNS poisoning issue which @pike mentioned.
A cron job that periodically checks the domain's IP and changes the firewall object accordingly is another option, but not the best/safest one.
Some examples:
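To make the cron-job approach from the post above concrete, here is an added example (written for this thread, not code from NethServer or from any poster) of a small sync script. It resolves each DDNS name, refuses anything that is not a single plausible public IPv4 address, and only then swaps the old address for the new one in a firewall set. The nftables table `inet filter` and set name `ddns_allow`, the state file path, and the hostname `cam1.example.net` are all assumptions; swap the `nft` commands for whatever your firewall's CLI uses. It does not remove the DNS-trust problem pike raised: whoever controls the answer for that name controls the allow list, so the script only limits the blast radius (one address at a time, no private or reserved ranges, no change on lookup failure).

```python
"""Keep a firewall allow-list entry in sync with a DDNS hostname (cron-driven)."""
import ipaddress
import json
import os
import socket
import subprocess
import sys

# Assumed firewall objects: an nftables set "ddns_allow" in table "inet filter"
# that the port-forward rule's source match references. Not NethServer's own layout.
NFT_TABLE = "inet filter"
NFT_SET = "ddns_allow"
STATE_FILE = "/var/lib/ddns-allow/state.json"  # assumed path for hostname -> last IP

# Ranges that can never be a remote site's public address; a DDNS answer inside
# one of these is treated as bogus rather than pushed into the allow list.
_NEVER_REMOTE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_plausible_public(ip):
    """True only for addresses that could legitimately be a remote device's WAN IP."""
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified or ip.is_reserved:
        return False
    return not any(ip in net for net in _NEVER_REMOTE)


def resolve_ipv4(hostname, lookup=socket.getaddrinfo):
    """Resolve hostname to exactly one plausible public IPv4; raise ValueError otherwise."""
    addrs = {info[4][0] for info in lookup(hostname, None, socket.AF_INET)}
    if len(addrs) != 1:
        raise ValueError(f"{hostname}: expected exactly one A record, got {sorted(addrs)}")
    ip = ipaddress.ip_address(addrs.pop())
    if not is_plausible_public(ip):
        raise ValueError(f"{hostname}: refusing non-public address {ip}")
    return str(ip)


def plan_update(hostname, new_ip, state):
    """Return the nft commands that move hostname's entry from its old IP to new_ip."""
    old_ip = state.get(hostname)
    if old_ip == new_ip:
        return []  # nothing changed, touch nothing
    table = NFT_TABLE.split()
    cmds = []
    if old_ip:
        cmds.append(["nft", "delete", "element", *table, NFT_SET, f"{{ {old_ip} }}"])
    cmds.append(["nft", "add", "element", *table, NFT_SET, f"{{ {new_ip} }}"])
    return cmds


def sync(hostnames, state, lookup=socket.getaddrinfo, run=subprocess.run):
    """Resolve every name, apply the needed changes, and return the updated state."""
    new_state = dict(state)
    for name in hostnames:
        try:
            ip = resolve_ipv4(name, lookup)
        except (OSError, ValueError) as exc:
            # Lookup failed or answer looked wrong: keep the previous entry as-is
            # rather than opening anything new or dropping an existing allow.
            print(f"skip {name}: {exc}", file=sys.stderr)
            continue
        for cmd in plan_update(name, ip, new_state):
            run(cmd, check=True)  # a failing nft call raises and leaves state unwritten
        new_state[name] = ip
    return new_state


if __name__ == "__main__":
    # Usage from cron, e.g. every 5 minutes:  ddns_allow.py cam1.example.net cam2.example.net
    state = json.load(open(STATE_FILE)) if os.path.exists(STATE_FILE) else {}
    updated = sync(sys.argv[1:], state)
    os.makedirs(os.path.dirname(STATE_FILE), exist_ok=True)
    with open(STATE_FILE, "w") as fh:
        json.dump(updated, fh)
```

The `lookup` and `run` parameters exist so the logic can be exercised with a fake resolver and without touching a live firewall; in production both default to the real `socket.getaddrinfo` and `subprocess.run`. Because the state file records the last address pushed, a reboot of the remote device results in exactly one delete and one add, and an unchanged address results in no firewall commands at all.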
Well, the concept of using the DDNS would be just so it would refresh their new IP and whitelist it on that port forwarding rule. I wish there were a way around this, as VPN is the current option we have. Thanks again.