Author Topic: Use floating rule to allow dns query on OPNsense (Read 3548 times)

sirio81 · « **on:** April 09, 2018, 04:17:38 pm »

Hi All, I have an OPNsense 18.1 with 3 nic.
The first nic (re0) has 3 vlan assigned.
The other 2 nic (re1 and re2) are WAN interfaces used in a wan group for multi wan.

On every VLAN interface I have to add a rule to allow DNS query on OPNsense, as described in the documentation.

I wonder if there's a way to set a single floating rule for that.
I don't think it's possible because I have to set a specific ip in the 'Destination' filed and that ip is different for every vlan (es: 192.168.3.1; 192.168.4.1; 192.168.5.1).

But you may surprise me with something I don't know :-)

elektroinside · « **Reply #1 on:** April 09, 2018, 05:08:56 pm »

You can use one host(s) alias and add all these IPs. Then use the alias for your fw rules.

doug.dimick · « **Reply #2 on:** April 09, 2018, 06:51:37 pm »

I use a floating rule to allow DNS queries on multiple inside interfaces. I pick the interfaces I want, set direction to in, and then just the the built-in "This Firewall" alias as the destination.

http://prntscr.com/j2yjoa

sirio81 · « **Reply #3 on:** April 11, 2018, 03:27:16 pm »

And the Alias contains all interfaces ip addresses I guess, right?

elektroinside · « **Reply #4 on:** April 11, 2018, 07:38:01 pm »

It can contain whatever IP addresses you want to use and also FQDNs which will get resolved periodically (every 1 min if I'm not mistaken). You can type in any of these two and as many as you need

Author Topic: Use floating rule to allow dns query on OPNsense (Read 3548 times)

sirio81

Use floating rule to allow dns query on OPNsense

elektroinside

Re: Use floating rule to allow dns query on OPNsense

doug.dimick

Re: Use floating rule to allow dns query on OPNsense

sirio81

Re: Use floating rule to allow dns query on OPNsense

elektroinside

Re: Use floating rule to allow dns query on OPNsense