Topic: Add local IPv6 to DNS and firewall config? (Read 3207 times)
chris42 « on: April 05, 2019, 04:13:08 pm »
Hi there,
is there a possibility to add IPv6 DNS entries to unbound on OPNsense and the firewall configuration? Similar to a dyndns option?
To explain a bit further what I am looking for (might be a completely different solution possible):
I have a docker setup behind OPNsense in which multiple containers will spawn which have outside access. I am able to update my regular DNS via dyndns, hence making them reachable. However within OPNsense the IPv6s of the containers are not known. As I see the configuration, I could delegate a prefix or use DHCP for the docker host, but would never be able to know the IPv6s of the containers.
Therefore I cannot configure the OPNsense firewall per container but only for a delegated subnet. Now out of IPv4 that would not have been a problem, as docker would only expose configured ports for a container via the NAT configuration. With IPv6 this is different, as - no NAT - all ports are exposed.
Hence I need to set up extra IPv6 filtering for each container on the docker host.
tl;dr: What I am looking for:
Basically the possibility to have a central firewall in OPNsense
- register IPv6 of each container similar to dyndns in OPNsense, e.g. unbound
- access registered container in firewall to use as targets in rules
- trigger mechanism, as when container IPv6 is updated to reload firewall rules.
Does anyone have an idea if this is remotely possible?

lrosenman « Reply #1 on: April 05, 2019, 04:19:49 pm »
Can the container run nsupdate?

chris42 « Reply #2 on: April 05, 2019, 04:28:12 pm »
The docker host can, which knows all the container IPv6s. DynDNS script is running there as well.
As I understand this, that would be an update request following RFC2136. Never used nsupdate and always thought unbound can't do RFC2136?
Would that info show up for firewall config as well?

lrosenman « Reply #3 on: April 05, 2019, 04:45:31 pm »
I don't bother with DNS on OPNsense, I just use my own public BIND9 server and do RFC2136.
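
Added example, not part of any post in this thread: a sketch of how the Docker host could turn its list of container IPv6 addresses into an RFC 2136 update batch for `nsupdate`, publishing only valid names and addresses inside the delegated prefix. The zone, server name, prefix, TTL and container list are constructed assumptions.

```python
import ipaddress
import re

# DNS label check: keeps newlines or spaces in a container name from
# injecting extra commands into the nsupdate batch.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def build_nsupdate_batch(containers, zone, server, prefix, ttl=300):
    """Return (batch_text, skipped_names) for a dict of name -> IPv6 string.

    Only addresses inside `prefix` (the prefix delegated to the Docker
    host) are published; link-local, IPv4 and malformed entries are skipped.
    """
    net = ipaddress.ip_network(prefix)
    lines = [f"server {server}", f"zone {zone}"]
    skipped = []
    for name, addr in sorted(containers.items()):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            skipped.append(name)
            continue
        if not LABEL.fullmatch(name) or ip.version != 6 or ip not in net:
            skipped.append(name)
            continue
        fqdn = f"{name}.{zone}."
        # Replace any stale AAAA record so a restarted container does not
        # leave its old address resolvable.
        lines.append(f"update delete {fqdn} AAAA")
        lines.append(f"update add {fqdn} {ttl} AAAA {ip.compressed}")
    lines.append("send")
    return "\n".join(lines) + "\n", skipped

# Constructed sample data (documentation prefix 2001:db8::/32).
SAMPLE = {
    "web": "2001:db8:1234:5601::10",
    "api": "2001:DB8:1234:5601:0:0:0:20",
    "db": "fe80::42:acff:fe11:2",          # link-local, never published
    "cache": "2001:db8:ffff::5",           # outside the delegated prefix
    "bad\nname": "2001:db8:1234:5601::11", # rejected by the label check
}

if __name__ == "__main__":
    batch, skipped = build_nsupdate_batch(
        SAMPLE, "lab.example", "ns1.example", "2001:db8:1234:5600::/56")
    print(batch, end="")
    print("skipped:", skipped)
```

The resulting text is what would be passed to `nsupdate`, authenticated with a TSIG key via `-k`.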