In my case, I get a new prefix every time my router reboots or otherwise loses connection.

Then there's the case of firewall rules. My router gets a new prefix which causes my server to get a new IP, how do I get my firewall (pfSense) to update my firewall pass rules to point to the new IP?

I must admit I haven't tried really hard, so there might be some obvious ways I'm missing.

If your prefix is always skipping, you have to complain to your ISP and meanwhile automate your network renumbering. Is there a reason you are not using the pfsense device to do routing and (put the cpe device to bridge mode)? Then you don't need to worry about your firewall not knowing about reboots, and the firewall rules will just work (assuming pfsense supports using prefix relative rules, vs hardcoding the prefix to all firewall rules...)

The cable modem is a dumb bridge, and the pfSense is doing the routing (AFAIK). I can't see any way to do relative rules though, which is what makes it difficult. Maybe I'm missing something though.

The manual seems to talk about host and network aliases, which might be what you want. Hopefully there are magic aliases for the interface networkts.

edit: https://docs.netgate.com/pfsense/en/latest/firewall/firewall... also talks about "LAN net" and "WAN net" aliases.

Not necessarily. How would I go about making these IPs easily discoverable by other hosts? DNS again?

Or mDNS: http://www.multicastdns.org/

As used by Apple’s Bonjour implementation of the Zeroconf networking stack.

If using Debian or the like, just apt install avahi-daemon and libnss-mdns, and access your hosts on the local network as servername.local.

Yes, you would probably then have to allow inbound traffic to these addresses in your ISP router's firewall or whatever you have.

If your router's default configuration is sane it should (by default) only allow returning connections and drop any other.