Question

Whitelist my home IPv6 network in Cloud Firewall?

Posted February 27, 2020 473 views
IPv6DigitalOcean Cloud Firewalls

Yesterday, I whitelisted my computer’s IPv6 address for SSH into my Droplets. Today, my computer has a different IPv6 address. The first 64 bits are the same (“network part”?) and the last 64 bits have changed (“host part”?).

I have two questions:

  1. Given my IP address or information available on my router, is it possible to tell the range of IP addresses any host on my home network might be assigned?
  2. Given that range, can I whitelist it in Cloud Firewall?

Thank you.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hey there! You can restrict access by IP address, subnets, or CIDR ranges on your DigitalOcean Cloud Firewall.

Your IP range will vary as your ISP can often change your address. Sites like whatismyipaddress.com will often give you some details about your current network, but I wouldn’t recommend restricting SSH to a range of dynamic IP addresses.

Instead, it’s better practice to login in to your Droplet using SSH keys for a non-root user with sudo privileges, and have root login disabled. We have a guide which discusses this further here https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804

https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking

by Justin Ellingwood
IP addresses, networks, submasks, and CIDR notation can be difficult concepts to understand. In this guide, we will cover some of the basic ideas behind how these systems work together to allow computers to communicate over the internet.
Submit an Answer