Firewall Inbound Access to Dynamic IP

Hi! I’ve just begun using the Pepwave Surf SOHO MK3, 6.3.3 build 1068. I would like to set the firewall so that inbound access is limited to my ISP, which assigns a dynamic IP address for residential users like myself. Is it possible to set the Source IP & Port so that the firewall can adjust automatically when the dynamic IP changes?

Thank you for your help,

bburch

Do you have a network diagram that you can share here to illustrate what you want to achieve?

1 Like

Reverse DNS on the firewall?
Or dyndns on your ISP link and DNS-based firewall rules?

seems cool but also a bit tricky/unsafe

Thanks, sitloongs and Venn, for your replies! I am trying to accomplish what MartinLangmaid is suggesting on the Pepwave forum here. This is a screenshot of his reply, which concerns a Surf that sits behind another router which is behind an ISP modem or gateway.

My Surf sits behind my ISP’s gateway, and I would like to set the Surf’s firewall to limit all incoming traffic to that which comes through my ISP. A problem is that the ISP assigns dynamic IPs to residential customers. Is there a way to accomplish what MartinLangmaid is suggesting for a dynamic IP? Thanks for your advice!

In that example, the assumption is that the ISP router is using NAT, so it has a public WAN IP and a private LAN IP. I am referring to the LAN IP of your ISP router, which never changes - not the public IP, which is frequently dynamic…

2 Likes

Would your security needs be sufficient by limiting the source IP to a certain subnet? Most ISPs own their subnet. For example 111.22.333.000 / 24.

We use this method for remote VoIP users who are using a softphone on their mobile device. I restrict inbound ports to the SIP range, and source IP to the ISP’s subnet. All I’m trying to do is block the worldwide bad people trying to make calls from my server. Not likely they would be coming from a Verizon Wireless subnet.

1 Like
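
The subnet-plus-port allowlist described in the post above, modeled as an added Python example (not part of the original thread, and not Pepwave configuration). The prefixes are documentation ranges standing in for an ISP's address pools and ports 5060-5061 are an assumed SIP range; the last sample shows the failure mode where the ISP moves the client to a pool outside the configured prefix.

```python
import ipaddress

# Assumed values (not from the thread): a documentation prefix stands in for
# the ISP's address pool, and 5060-5061 stands in for "the SIP range".
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_PORTS = range(5060, 5062)

# Constructed sample connections: (source IP, destination port)
SAMPLE = [
    ("198.51.100.37", 5060),  # softphone inside the allowed pool
    ("198.51.100.37", 22),    # right source, but a port that is not opened
    ("203.0.113.9", 5060),    # unrelated network reaching for SIP
    ("192.0.2.14", 5060),     # same user after the ISP moved them to another pool
]


def decide(src, port, sources=ALLOWED_SOURCES, ports=ALLOWED_PORTS):
    """Default deny: allow only when source prefix AND destination port match."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "deny"  # a malformed source never matches an allow rule
    in_prefix = any(addr in net for net in sources)
    return "allow" if in_prefix and port in ports else "deny"


def exposure(sources=ALLOWED_SOURCES):
    """How many source addresses the allowlist admits (the cost of not pinning one IP)."""
    return sum(net.num_addresses for net in ipaddress.collapse_addresses(sources))


def uncovered(known_client_ips, sources=ALLOWED_SOURCES):
    """Previously seen client addresses that the current allowlist would lock out."""
    return [ip for ip in known_client_ips
            if not any(ipaddress.ip_address(ip) in net for net in sources)]


if __name__ == "__main__":
    for src, port in SAMPLE:
        print(f"{src:>15}:{port:<5} -> {decide(src, port)}")
    print("addresses admitted:", exposure())
    print("locked out:", uncovered(["198.51.100.37", "192.0.2.14"]))
```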

Thanks, Martin, for your very helpful advice!

1 Like

Thanks, Don! I have implemented Martin’s and your advice, limiting the inbound traffic to that which originates from my ISP.

1 Like