Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - thorben83

Pages1
#1
25.7 Series / Re: Firewall rules based on URL or even wildcard URL - how do deal with them?
October 03, 2025, 11:50:10 AM
oh, that looks interesting, thanks!

I guess that could work, if I create a DNS forwarder on all Domain Controllers to OPNsense and run DNSmask there.

Thanks for that quick hint and have a good weekend :-)
#2
25.7 Series / Firewall rules based on URL or even wildcard URL - how do deal with them?
October 03, 2025, 11:44:55 AM
Hello,
I try to filter HTTP / HTTPS traffic "somehow" so that I can allow outgoing access to URLs like this

*.blob.core.windows.net
*.windowsupdate.com
cacerts.digicert.com (without wildcard, but with CDN it changes the IP address all the time)

What is the best way to achieve that? In best case, I don't need to do TLS / SSL interception because I will struggle to get a certificate deployed on every device.

I found a post that recommended to use a proxy instead of plain firewall rules. As I did not find any proxy in OPNsense, I found another post that says that os-squid is in the plugin section now. But I cannot find os-squid in the plugin section.

Does anyone have ideas how to get that challenge solved without an "any HTTP/ HTTPS" rule?

Best regards
Thorben
Pages1