Hi,
I have few hosts for developing and I wan't to isolate them from the whole internet, just only github.
So can you tell me, is there any way like on Checkpoint or Palo or some kind of firewalls to place i firewall-Rule where the destination is an objekt called *.github ?
And in the Background it makes a Reverse-Lookup for the DNS-Entrys and Puts them in the Alias-List?
Thanks for Feedback.
Kind regards
According to github, you need to create alias "github.com" and allow TCP ports 22, 80, 443, and 9418.
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
Anyways, if this is any help, for github you only need to allow traffic from IP ranges listed at:
https://api.github.com/meta
Opnsense won't be able to fetch those using the link (at least didn't work for me), but there is a way to fetch them somehow (or just add them manually if all else fails)