OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: moe on November 17, 2022, 03:12:15 pm

Title: Dynamic DNS-Alias (e.g. github.com)
Post by: moe on November 17, 2022, 03:12:15 pm
Hi,
I have a few hosts for developing and I want to isolate them from the whole internet, just only github.
So can you tell me, is there any way like on Checkpoint or Palo or some kind of firewalls to place a firewall rule where the destination is an object called *.github?

And in the background it makes a reverse lookup for the DNS entries and puts them in the alias list?

Thanks for Feedback.
Kind regards
Title: Re: Dynamic DNS-Alias (e.g. github.com)
Post by: Vilhonator on November 18, 2022, 12:56:17 am
According to GitHub, you need to create an alias "github.com" and allow TCP ports 22, 80, 443, and 9418.

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
Title: Re: Dynamic DNS-Alias (e.g. github.com)
Post by: Vilhonator on November 18, 2022, 01:14:13 am
Anyways, if this is any help, for github you only need to allow traffic from IP ranges listed at:

https://api.github.com/meta

OPNsense won't be able to fetch those using the link (at least it didn't work for me), but there is a way to fetch them somehow (or just add them manually if all else fails).
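
One way to handle the conversion step the last post leaves open, as an added example that is not part of the thread: the response from https://api.github.com/meta is JSON, so this script flattens selected sections into one network per line, the form a URL Table (IPs) alias reads. The section choice, the prefix-length limits and the sample data are assumptions; downloading the JSON and hosting the resulting file are left out.

```python
import ipaddress
import json

# Constructed sample shaped like the /meta response; the addresses are
# documentation ranges, not GitHub's real ones.
SAMPLE_META = json.dumps({
    "verifiable_password_authentication": False,
    "web": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"],
    "api": ["192.0.2.0/25", "198.51.100.7/32"],
    "git": ["198.51.100.0/24", "not-a-network", "0.0.0.0/0"],
    "actions": ["203.0.113.0/24"],
})

# Assumed sanity limits: a broken or tampered feed must not turn the
# allow rule into "any". Anything broader than this is rejected.
MIN_PREFIX = {4: 16, 6: 32}

def meta_to_alias(meta_json, sections=("web", "api", "git")):
    """Return (alias_text, rejected_entries) for the chosen sections."""
    meta = json.loads(meta_json)
    nets = {4: [], 6: []}
    rejected = []
    for name in sections:
        entries = meta.get(name, [])
        if not isinstance(entries, list):
            continue  # skip non-list keys such as booleans
        for entry in entries:
            try:
                if not isinstance(entry, str):
                    raise ValueError("entry is not a string")
                net = ipaddress.ip_network(entry, strict=True)
                if net.prefixlen < MIN_PREFIX[net.version]:
                    raise ValueError("prefix too broad")
            except ValueError:
                rejected.append(entry)
                continue
            nets[net.version].append(net)
    lines = []
    for version in (4, 6):
        # collapse_addresses drops duplicates and merges adjacent ranges
        lines += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    text, bad = meta_to_alias(SAMPLE_META)
    print(text, end="")
    print("rejected:", bad)
```

Rejected entries are returned rather than silently dropped so a scheduled job can alert on them instead of publishing a changed list unnoticed.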