There is no need for scripting if you use ULA-addressing instead of GUA-addressing based on the IPv6 prefix from your ISP as ULA-addresses remain static.
E.g. create an ULA-pool:
/ipv6 pool
add name=ULA-pool6 prefix=fd00::/64 prefix-length=64
Assign an address to your router:
/ipv6 address
add address=fd00::1 comment="IPv6 ULA address" interface=LAN
And let DHCPv6 advertise your router as the intranet DNS server:
/ipv6 dhcp-server option
add code=23 name=DNS value=0xfd000000000000000000000000000001
/ipv6 dhcp-server
add dhcp-option=DNS interface=LAN lease-time=30m name=LAN-dhcp6
Even there is no hairpin on IPv6, it’s a good idea to use split-DNS with ULA-adressing in your intranet. This is because a connection, like a Samba share, made to the GUA-address of your server will abort right at the moment your ISP provides you with a new IPv6-prefix.
Therefore use split-DNS with ULA-addressing:
/ip dns static
add address=10.0.0.1 name=samba-server
add address=10.0.0.1 name=samba-server.intra
add address=10.0.0.1 name=samba-server.internet.com
add address=fd00::1 name=samba-server ttl=1m
add address=fd00::1 name=samba-server.intra ttl=1m
add address=fd00::1 name=samba-server.internet.com ttl=1m
About IPv6 firewall-rules: Check the great new “address-list” feature. If you set the host to your DDNS record, it will automatically adopt your firewall rules. This depends on the DDNS TTL but works very simple without the need to script the firewall rules anymore.
In case of split-DNS, you have to make two DDNS entries. One for split-DNS and another one for “address-list”.
This is because “address-list” will use the internal DNS which overwrites the host’s GUA-address with the ULA-address as above.
E.g. if you make an additional DDNS entry with hostname “samba-server6.internet.com”:
/ipv6 firewall address-list
add address=samba-server6.internet.com list=samba-server6.internet.com
You can setup your firewall rule like:
/ipv6 firewall filter
add action=accept chain=forward comment="Forward SSH/HTTP/HTTPS to samba-server.intra" dst-address-list=samba-server6.internet.com dst-port=22,80,443 in-interface=WAN protocol=tcp