Use floating rule to allow dns query on OPNsense

sirio81 · April 09, 2018, 04:17:38 PM

Hi All, I have an OPNsense 18.1 with 3 nic.
The first nic (re0) has 3 vlan assigned.
The other 2 nic (re1 and re2) are WAN interfaces used in a wan group for multi wan.

On every VLAN interface I have to add a rule to allow DNS query on OPNsense, as described in the documentation.

I wonder if there's a way to set a single floating rule for that.
I don't think it's possible because I have to set a specific ip in the 'Destination' filed and that ip is different for every vlan (es: 192.168.3.1; 192.168.4.1; 192.168.5.1).

But you may surprise me with something I don't know :-)

elektroinside · April 09, 2018, 05:08:56 PM

You can use one host(s) alias and add all these IPs. Then use the alias for your fw rules.

doug.dimick · April 09, 2018, 06:51:37 PM

I use a floating rule to allow DNS queries on multiple inside interfaces. I pick the interfaces I want, set direction to in, and then just the the built-in "This Firewall" alias as the destination.

http://prntscr.com/j2yjoa

sirio81 · April 11, 2018, 03:27:16 PM

And the Alias contains all interfaces ip addresses I guess, right?

elektroinside · April 11, 2018, 07:38:01 PM

It can contain whatever IP addresses you want to use and also FQDNs which will get resolved periodically (every 1 min if I'm not mistaken). You can type in any of these two and as many as you need :)

Use floating rule to allow dns query on OPNsense

sirio81

April 09, 2018, 04:17:38 PM

elektroinside

April 09, 2018, 05:08:56 PM #1

doug.dimick

April 09, 2018, 06:51:37 PM #2

sirio81

April 11, 2018, 03:27:16 PM #3

elektroinside

April 11, 2018, 07:38:01 PM #4