Firewall rule with hostname instead of IP


#1

I have my Turris at my parents' and I want to allow ssh access to the Turris from my dynamic public IP only. I have a DDNS record. Can I use a firewall rule with my DDNS hostname instead of the dynamic IP?

Thanks


#2

I’m afraid not.
But you can use port knocking https://openwrt.org/docs/guide-user/services/remote_control/portknock.server and/or ssh certificate https://openwrt.org/docs/guide-user/security/dropbear.public-key.auth for increased security.


#3

Instead of opening a publicly accessible ssh port you might want to have an openvpn server running on the destination TO to access its lan interface (and from there the private ssh port). For openvpn just use the Foris one-click solution.


#4

OpenVPN isn’t a solution for me. I don’t want any port opened to the internet. Same story as with ssh. I just want a rule to allow one hostname. I can write a script that looks up the IP behind the hostname and adds it to the firewall, but I’m asking if there is any easier solution for a lazy girl :)
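
The lookup script mentioned in post #4 could look like the sketch below. This is an added example, not code from any poster or from Turris/OpenWrt. It assumes a placeholder hostname `home.example.org`, an existing uci firewall rule in a hypothetical named section `ssh_ddns`, and `nslookup` output that has a `Name:` line followed by `Address` lines.

```shell
#!/bin/sh
# Added example: keep one firewall rule's source IP in sync with a DDNS name.
# Assumed (not from the thread): the hostname, and an existing uci rule in a
# named section 'ssh_ddns' (src wan, proto tcp, dest_port 22, target ACCEPT).
DDNS_HOST="home.example.org"   # placeholder hostname
RULE="firewall.ssh_ddns"       # hypothetical section name

# Strict dotted-quad check. The DNS answer is untrusted input and must not
# reach the firewall config unvalidated. Subshell body keeps IFS local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# First IPv4 answer in nslookup output on stdin. Address lines before the
# "Name:" line describe the resolver itself and are skipped.
first_answer() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; exit }
         }'
}

# Args: current rule IP, freshly resolved IP. Prints "keep" or "set <ip>".
# A failed or malformed lookup keeps the old address, so a DNS outage
# never widens access.
plan_update() {
    if is_ipv4 "$2" && [ "$2" != "$1" ]; then echo "set $2"; else echo keep; fi
}

apply() {
    current=$(uci -q get "$RULE.src_ip" || true)
    resolved=$(nslookup "$DDNS_HOST" 2>/dev/null | first_answer)
    action=$(plan_update "$current" "$resolved")
    [ "$action" = keep ] && return 0
    uci set "$RULE.src_ip=${action#set }"
    uci commit firewall
    /etc/init.d/firewall reload
}

# Only touch the router when asked to, e.g. from cron with --apply.
if [ "${1:-}" = "--apply" ]; then apply; fi
```

The rule is only as trustworthy as the DDNS record, so whoever controls that record controls the allowed address; the key-based ssh authentication from post #2 still applies on top of it.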