I want to set up IPv4/IPv6 dual stack on my internet connection and my local network. To that end I want to change the firewalls on some of the machines to allow incoming traffic for certain applications from the internet, and others from the local network only. To that end I hoped to be able to do:
ufw allow internet-application
ufw allow from 192.168.0.0/24 to any app lan-application
ufw allow from fe80::/64 to any app lan-application
Unfortunately, however, my home router's DNS does not resolve local machines' AAAA records to their link-local fe80::/64 addresses, but to their global addresses (including the prefix that changes according to what my ISP tells me).
So I was thinking maybe I need to set the firewall to accept incoming traffic from any address within the prefix that's shared by all devices in the network? Is that right? And if that's right, how would I do that?
The alternative, making my DNS server return fe80::/64 addresses for local host names, doesn't seem to be possible as I don't see any settings for that.
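The prefix-based rule asked about above, as an added example that is not part of the original post: it derives the LAN's current global prefix from a machine's own interface addresses and prints the matching ufw rules, including removal of a rule for a prefix the ISP has since replaced. It assumes the LAN uses a /64; the function names and the sample addresses (documentation range 2001:db8::/32) are constructed for illustration, and the commands are only printed, not executed.

```python
import ipaddress

# Global unicast space, the range ISP-delegated prefixes come from.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample, shaped like the address column of `ip -o addr show`.
SAMPLE_ADDRESSES = [
    "::1/128",
    "192.168.0.10/24",
    "fe80::a00:27ff:fe4e:66a1/64",               # link-local
    "2001:db8:1234:5600:a00:27ff:fe4e:66a1/64",  # stable global address
    "2001:db8:1234:5600:5c1e:9d2:77aa:1b03/64",  # temporary (privacy) address
]


def lan_prefixes(addresses, prefix_len=64):
    """Return the sorted, de-duplicated global prefixes found in `addresses`.

    Assumption: every host on the LAN shares one prefix of `prefix_len` bits.
    """
    nets = set()
    for text in addresses:
        iface = ipaddress.ip_interface(text)
        if iface.version == 6 and iface.ip in GLOBAL_UNICAST:
            nets.add(ipaddress.ip_network(f"{iface.ip}/{prefix_len}", strict=False))
    return sorted(nets)


def ufw_commands(current, stale=(), app="lan-application"):
    """Build ufw commands: drop rules for prefixes no longer in use, then
    allow the current ones. `app` is the ufw application profile name."""
    old = [ipaddress.ip_network(s) for s in stale]
    cmds = [f"ufw delete allow from {n} to any app {app}"
            for n in old if n not in current]
    cmds += [f"ufw allow from {n} to any app {app}" for n in current]
    return cmds


if __name__ == "__main__":
    # The stale prefix is a constructed stand-in for the previous delegation.
    for cmd in ufw_commands(lan_prefixes(SAMPLE_ADDRESSES),
                            stale=["2001:db8:aaaa:100::/64"]):
        print(cmd)
```

Because the prefix changes whenever the ISP delegates a new one, the rule has to be regenerated on each change; a rule left in place for the old prefix would admit whoever is assigned that prefix next.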