OPNsense Forum » English Forums » 24.7 Production Series » Log specific domain traffic, allow and continue processing rules
Topic: Log specific domain traffic, allow and continue processing rules (Read 207 times)
DavidSte1
Newbie
Posts: 4
Karma: 0
« on: October 24, 2024, 09:48:25 pm »
Hi,
I have a use case where I need to watch access to a specific domain. I'd like to create a rule to allow traffic and log it but then to continue to process other rules (which may then subsequently block this traffic either now or in the future).
I can't work out a way to do this - is this even possible?
Thanks, David
dseven
Sr. Member
Posts: 303
Karma: 33
« Reply #1 on: October 25, 2024, 10:07:17 am »
Assuming you mean DNS domains.... firewall rules don't deal with those, only IP addresses, but there is this:
https://docs.opnsense.org/manual/reporting_unbound_dns.html
DavidSte1
Newbie
Posts: 4
Karma: 0
« Reply #2 on: October 28, 2024, 08:40:54 pm »
Yes, I do mean DNS domains. You can use domain names in FW rules, but I'll send logfiles to Splunk to handle the name lookups for the IPs in the logs.
dseven
Sr. Member
Posts: 303
Karma: 33
« Reply #3 on: October 28, 2024, 08:52:48 pm »
That would depend on reverse DNS providing something useful, which you probably can't rely on (depending on your use-case, I suppose).
DavidSte1
Newbie
Posts: 4
Karma: 0
« Reply #4 on: November 03, 2024, 05:45:47 pm »
I know full well the limitations of reverse DNS, but it doesn't really answer my original question.
dseven
Sr. Member
Posts: 303
Karma: 33
« Reply #5 on: November 04, 2024, 02:50:10 pm »
So your original post actually contained two questions (at least in my perception):
1) Is it possible to create a rule that matches traffic destined for a particular domain name (as opposed to IP address)?
2) Is it possible to create a rule that logs when it's matched, but doesn't take action (Pass/Block/Reject), allowing a later rule to do that?
I believe the answer to (2) ("no") can be found here:
https://forum.opnsense.org/index.php?topic=12380.0