Description
Is your feature request related to a problem? Please describe.
My ISP provisions dynamic addresses for IPv6 that can change. What that means is that the IPv6 addresses of my hosts in my LAN can change over time.
Before I set up IPv6 fully, I had access lists to limit access to a few backend apps so they would require being on the LAN or connected over a VPN. Doing this with IPv6 has turned out to be very difficult, because the prefix I'm delegated changes.
At best, I can limit access by IP to any IP address owned by my ISP based on their prefix, which won't change.
Describe the solution you'd like
My firewall (OPNsense) has a feature where you can define rules based on a dynamic prefix.
https://docs.opnsense.org/manual/aliases.html#dynamic-ipv6-host
Something like this could work. However, it's also difficult because the Docker container may not have the public IP address visible. I think to determine that you'd have to do a remote curl call to a service to get the IP, and periodically update it.
Describe alternatives you've considered
If I add a rule at the firewall for this, it will limit all nginx hosts and not just the few I want. Since I want to limit by host, the only place in the stack to do it is at the nginx-proxy-manager level.
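The dynamic-prefix idea in this request, sketched as an added example that is not part of the original issue and is not nginx-proxy-manager code: it rebuilds per-host nginx `allow`/`deny` lines from whatever global address is currently observed on the LAN. The function names, the /64 LAN prefix length, the host suffix and the sample addresses are assumptions; how the observed address is obtained is left to the caller.

```python
import ipaddress

def lan_prefix(observed_addr, prefix_len=64):
    """Network that contains a global address currently seen on the LAN."""
    return ipaddress.IPv6Network(f"{observed_addr}/{prefix_len}", strict=False)

def dynamic_host(prefix, suffix):
    """Join the current prefix with a host's fixed interface identifier."""
    host_bits = int(ipaddress.IPv6Address(suffix))
    if host_bits & int(prefix.netmask):
        raise ValueError(f"{suffix} has bits set inside the /{prefix.prefixlen} prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | host_bits)

def render_rules(observed_addr, prefix_len=64, suffixes=(), static=()):
    """Build nginx allow/deny lines for one proxy host."""
    prefix = lan_prefix(observed_addr, prefix_len)
    rules = [f"allow {ipaddress.ip_network(net)};" for net in static]
    if suffixes:  # only named hosts, tracked across prefix changes
        rules += [f"allow {dynamic_host(prefix, s)};" for s in suffixes]
    else:         # the whole LAN segment
        rules.append(f"allow {prefix};")
    rules.append("deny all;")
    return "\n".join(rules) + "\n"

def refresh(previous_rules, observed_addr, **kwargs):
    """Return (changed, rules); reload nginx only when changed is True."""
    rules = render_rules(observed_addr, **kwargs)
    return rules != previous_rules, rules

if __name__ == "__main__":
    # Constructed sample values (RFC 3849 documentation prefix, RFC 1918 VPN range).
    opts = dict(suffixes=["::1:2"], static=["10.8.0.0/24"])
    changed, rules = refresh("", "2001:db8:aa00:1:1234:5678:9abc:def0", **opts)
    print(changed, rules, sep="\n")
    # ISP hands out a new prefix: same host suffix, new allow line.
    changed, rules = refresh(rules, "2001:db8:bb00:1:1234:5678:9abc:def0", **opts)
    print(changed, rules, sep="\n")
```

The trailing `deny all;` keeps the list fail-closed: if the prefix changes before the next refresh, LAN clients are locked out rather than outside addresses let in.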