OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: moe on November 17, 2022, 03:12:15 pm
-
Hi,
I have few hosts for developing and I wan't to isolate them from the whole internet, just only github.
So can you tell me, is there any way like on Checkpoint or Palo or some kind of firewalls to place i firewall-Rule where the destination is an objekt called *.github ?
And in the Background it makes a Reverse-Lookup for the DNS-Entrys and Puts them in the Alias-List?
Thanks for Feedback.
Kind regards
-
According to github, you need to create alias "github.com" and allow TCP ports 22, 80, 443, and 9418.
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
-
Anyways, if this is any help, for github you only need to allow traffic from IP ranges listed at:
https://api.github.com/meta
Opnsense won't be able to fetch those using the link (at least didn't work for me), but there is a way to fetch them somehow (or just add them manually if all else fails)