Kee Hinckley on Nostr: I want to set up a firewall rule for my personal machines that allows ssh/vnc/… ...
I want to set up a firewall rule for my personal machines that allows ssh/vnc/… connections to my Macs from the local home network *or* from tailscale. But not from anyone else.
I don’t really see a way of doing this other than by the networks used. But if I plug my laptop into a random cafe wifi, there’s nothing that says they won’t be using the same network (not likely, esp since my local net is not a normally used one, but possible).
Tailscale appears to use 100.64.0.0/10. I haven’t looked into what their ipv6 network is. They are static though, but then I need to update the firewall rule every time I add a machine (not the end of the world, but a pain).
But this all seems pretty hacky. Is there a better way?
I will say though. I’m really enjoying closing down all those external router holes. Plex is now local only. SSH is now local only. At some point I’d like to not be relying on tailscale’s service for all this (and that looks feasible…there’s an open source effort in that direction), but this is still great. And tailscale adding support for AppleTV is awesome. I’m going to be alternating between the US and Mexico, and I’ll have a tailscale exit node on both locations running on the AppleTV, which means I can make my Mexican AppleTV think it’s in my house in the US, or vice versa.