OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: DavidSte1 on October 24, 2024, 09:48:25 PM

Title: Log specific domain traffic, allow and continue processing rules
Post by: DavidSte1 on October 24, 2024, 09:48:25 PM
Hi,

I have a use case where I need to watch access to a specific domain.  I'd like to create a rule to allow traffic and log it but then to continue to process other rules (which may then subsequently block this traffic either now or in the future).

I can't work a way to do this - is this even possible?

Thanks, David
Title: Re: Log specific domain traffic, allow and continue processing rules
Post by: dseven on October 25, 2024, 10:07:17 AM
Assuming you mean DNS domains.... firewall rules don't deal with those, only IP addresses, but there is this: https://docs.opnsense.org/manual/reporting_unbound_dns.html
Title: Re: Log specific domain traffic, allow and continue processing rules
Post by: DavidSte1 on October 28, 2024, 08:40:54 PM
Yes, I do mean DNS domains.  You can use domain names in FW rules, but I'll send logfiles to Splunk to handle the name lookups for the IPs in the logs
Title: Re: Log specific domain traffic, allow and continue processing rules
Post by: dseven on October 28, 2024, 08:52:48 PM
That would depend on reverse DNS providing something useful, which you probably can't rely on (depending on your use-case, I suppose).
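The reliability problem with reverse DNS that the reply above raises can be sidestepped by using the client's own forward lookups instead: join the resolver's answers (the Unbound reporting data linked earlier) with the firewall's pass log by client address, destination address and time, so a flow is attributed to the name that client actually asked for. The script below is an added example written for this page; it is not code from the forum thread or from the OPNsense project, and it assumes a simplified, constructed log shape (`DnsAnswer`, `Flow` and the sample records are invented for illustration, not OPNsense's real filterlog or Unbound log formats). The 300-second `max_age` is an assumed TTL-like window.

```python
"""Attribute firewall flows to the DNS names clients actually resolved.

Added example (not from the OPNsense thread or project). Log shapes below
are constructed and simplified; a real deployment would parse OPNsense's
filterlog and Unbound query logs into these records first.
"""
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    ts: int       # epoch seconds when the resolver answered
    client: str   # LAN host that asked
    qname: str    # name it asked for
    ip: str       # address returned in the answer


@dataclass(frozen=True)
class Flow:
    ts: int       # epoch seconds when the firewall logged the pass
    client: str   # source address of the flow
    dst: str      # destination address of the flow


# Constructed sample data (assumption, not real logs). 203.0.113.10 is an
# address shared by two names (the CDN case where reverse DNS is useless),
# and 203.0.113.99 is reached without any preceding lookup.
DNS_ANSWERS = [
    DnsAnswer(1000, "192.0.2.10", "watched.example", "203.0.113.10"),
    DnsAnswer(1005, "192.0.2.20", "other.example", "203.0.113.10"),
    DnsAnswer(1100, "192.0.2.10", "other.example", "203.0.113.10"),
]
FLOWS = [
    Flow(1002, "192.0.2.10", "203.0.113.10"),  # client asked for watched.example
    Flow(1007, "192.0.2.20", "203.0.113.10"),  # same IP, but other.example
    Flow(1105, "192.0.2.10", "203.0.113.10"),  # later lookup wins for this client
    Flow(1110, "192.0.2.30", "203.0.113.99"),  # hard-coded IP, no lookup at all
    Flow(5000, "192.0.2.10", "203.0.113.10"),  # lookup far too old to trust
]


def build_index(answers):
    """Map (client, answer_ip) -> time-ordered list of (ts, qname)."""
    index = defaultdict(list)
    for a in sorted(answers, key=lambda a: a.ts):
        index[(a.client, a.ip)].append((a.ts, a.qname))
    return index


def attribute(flow, index, max_age=300):
    """Return the name this client most recently resolved to flow.dst,
    or None if there was no lookup or it is older than max_age seconds."""
    entries = index.get((flow.client, flow.dst), [])
    timestamps = [ts for ts, _ in entries]
    pos = bisect_right(timestamps, flow.ts) - 1   # last answer at/before the flow
    if pos < 0:
        return None
    ts, qname = entries[pos]
    if flow.ts - ts > max_age:
        return None
    return qname


def flows_to_domain(flows, answers, domain, max_age=300):
    """Select the flows attributable to a watched domain name."""
    index = build_index(answers)
    return [f for f in flows if attribute(f, index, max_age) == domain]


if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", attribute(f, build_index(DNS_ANSWERS)))
    print("watched.example flows:", flows_to_domain(FLOWS, DNS_ANSWERS, "watched.example"))
```

Note that a reverse lookup of 203.0.113.10 would return one name for all three flows to it, whereas the per-client join attributes only the first flow to watched.example; flows with no preceding lookup, or whose lookup is stale, deliberately come back as unknown rather than being guessed.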
Title: Re: Log specific domain traffic, allow and continue processing rules
Post by: DavidSte1 on November 03, 2024, 05:45:47 PM
I know full well the limitations of reverse DNS, but it doesn't really answer my original question
Title: Re: Log specific domain traffic, allow and continue processing rules
Post by: dseven on November 04, 2024, 02:50:10 PM
So your original post actually contained two questions (at least in my perception):

1) Is it possible to create a rule that matches traffic destined for a particular domain name (as opposed to IP address)?

2) Is it possible to create a rule that logs when it's matched, but doesn't take action (Pass/Block/Reject), allowing a later rule to do that?

I believe the answer to (2) ("no") can be found here: https://forum.opnsense.org/index.php?topic=12380.0