Question
Whitelist my home IPv6 network in Cloud Firewall?
- Posted on February 27, 2020
- IPv6DigitalOcean Cloud Firewalls
Asked by Annika Backstrom
Yesterday, I whitelisted my computer’s IPv6 address for SSH into my Droplets. Today, my computer has a different IPv6 address. The first 64 bits are the same (“network part”?) and the last 64 bits have changed (“host part”?).
I have two questions:
- Given my IP address or information available on my router, is it possible to tell the range of IP addresses any host on my home network might be assigned?
- Given that range, can I whitelist it in Cloud Firewall?
Thank you.
Submit an answer
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hey there! You can restrict access by IP address, subnets, or CIDR ranges on your DigitalOcean Cloud Firewall.
Your IP range will vary as your ISP can often change your address. Sites like whatismyipaddress.com will often give you some details about your current network, but I wouldn’t recommend restricting SSH to a range of dynamic IP addresses.
Instead, it’s better practice to login in to your Droplet using SSH keys for a non-root user with sudo privileges, and have root login disabled. We have a guide which discusses this further here https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804
https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidr-notation-for-networking