OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: xofer on March 24, 2022, 12:23:54 pm

Title: Can I create a firewall rule from a wildcard DNS entry
Post by: xofer on March 24, 2022, 12:23:54 pm
I would like to define a firewall rule from a wildcard DNS entry. This can be achieved in Linux with iptables.

Let's consider the scenario where I would like to block all outgoing traffic from a host, but allow only *.update.microsoft.com.

In Linux this can be achieved in the following way:
1) The client asks dnsmasq for somerandomstring.update.microsoft.com.
2) dnsmasq looks up the name, returns it to the client and adds it to an ipset list according to its whitelist.
3) An iptables firewall rule is configured to allow traffic according to the ipset list.

ipset lists can be updated "behind the scenes" without any firewall reload.

Can something similar be achieved in OPNsense pf?
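The three-step Linux setup above, as an added example that is not from the thread: a gateway running dnsmasq and iptables in front of one client. The set name, client address, chain placement and config path are assumptions.

```shell
# Added example, not code from the thread: the dnsmasq + ipset + iptables
# pattern described above, for a gateway that runs dnsmasq and forwards for
# one client. Set name, client address and chain placement are assumptions.
SET_NAME="ms_update"
ALLOW_DOMAIN="update.microsoft.com"
CLIENT="192.0.2.10"   # constructed client address (documentation range)

# Steps 1/2: one dnsmasq option. "ipset=/DOMAIN/SET" adds every address that
# dnsmasq resolves for DOMAIN or any name under it to SET, so the
# "*.update.microsoft.com" wildcard is implicit (dnsmasq needs ipset support).
dnsmasq_ipset_config() {
    printf 'ipset=/%s/%s\n' "$ALLOW_DOMAIN" "$SET_NAME"
}

# Same matching rule dnsmasq applies: the domain itself and any subdomain,
# on whole labels only, so "evilupdate.microsoft.com" does not qualify.
name_matches_domain() {
    case "$1" in
        "$2" | *."$2") return 0 ;;
    esac
    return 1
}

# Step 3: the set is consulted per packet, so dnsmasq can add members without
# a ruleset reload. The client is forced to resolve through this gateway;
# names resolved elsewhere never enter the set and are simply dropped.
# Return traffic is assumed to be handled by the existing ruleset.
firewall_rules() {
    cat <<EOF
ipset -exist create $SET_NAME hash:ip
iptables -A INPUT -s $CLIENT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -s $CLIENT -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s $CLIENT -m set --match-set $SET_NAME dst -j ACCEPT
iptables -A FORWARD -s $CLIENT -j DROP
EOF
}

# Apply on the gateway (as root); the default invocation only prints the plan.
apply_rules() {
    firewall_rules | while IFS= read -r line; do $line; done
}

if [ "${1:-}" = "apply" ]; then
    dnsmasq_ipset_config >> /etc/dnsmasq.d/allowlist.conf   # assumed path
    apply_rules
else
    dnsmasq_ipset_config
    firewall_rules
fi
```

Run without arguments it prints the dnsmasq line and the rule list; `sh script.sh apply` installs them (then restart dnsmasq so it picks up the new config).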
Title: Re: Can I create a firewall rule from a wildcard DNS entry
Post by: Pfirepfox on November 16, 2022, 01:02:03 pm
Also curious about this. I have a number of hosts to insert, and wildcard support would be great.
Title: Re: Can I create a firewall rule from a wildcard DNS entry
Post by: xofer on March 07, 2023, 02:43:38 pm
Also curious about this. I have a number of hosts to insert, and wildcard support would be great.

Somehow this is a dupe. I found a solution here: https://forum.opnsense.org/index.php?topic=27650.0