23.1 Legacy Series / block incoming wan on dest IP and allow domain names
« on: June 11, 2023, 01:52:07 pm »
I have a fixed external IP, I own a domain name and I have set up several services I run from home, almost all of them behind an nginx reverse proxy with SNI setup based on subdomains.
My current port forwarding rules are set to destination WAN address, port 80/443 with a forward to nginx.
It gets hammered, obviously, and nginx stops it, so no real issues. I could possibly set up fail2ban as well, but I was wondering if I could set up OPNsense to stop direct hits on IP address only? Same way nginx identifies FQDNs via SNI, could OPNsense possibly do the same and stop it if the destination domain is not allowed?
Thanks!