Log specific domain traffic, allow and continue processing rules

Started by DavidSte1, October 24, 2024, 09:48:25 PM

Hi,

I have a use case where I need to watch access to a specific domain.  I'd like to create a rule to allow traffic and log it but then to continue to process other rules (which may then subsequently block this traffic either now or in the future).

I can't work out a way to do this - is this even possible?

Thanks, David

Assuming you mean DNS domains.... firewall rules don't deal with those, only IP addresses, but there is this: https://docs.opnsense.org/manual/reporting_unbound_dns.html

Yes I do mean DNS domains. You can use domain names in FW rules, but I'll send logfiles to Splunk to handle the name lookups for the IPs in the logs

That would depend on reverse DNS providing something useful, which you probably can't rely on (depending on your use-case, I suppose).

I know full well the limitations of reverse DNS, but it doesn't really answer my original question

So your original post actually contained two questions (at least in my perception):

1) Is it possible to create a rule that matches traffic destined for a particular domain name (as opposed to IP address)?

2) Is it possible to create a rule that logs when it's matched, but doesn't take action (Pass/Block/Reject), allowing a later rule to do that?

I believe the answer to (2) ("no") can be found here: https://forum.opnsense.org/index.php?topic=12380.0
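Since the firewall only logs IP addresses and reverse DNS is unreliable for shared (CDN) addresses, the practical way to "watch access to a specific domain" is to correlate each logged connection with the DNS answer the same client received just before it. The script below is an added example, not code from the thread, OPNsense or Splunk: the filterlog CSV field layout it parses (rule number, sub-rule, anchor, label, interface, reason, action, direction, IP version, then the IPv4/TCP header fields and addresses) is assumed from OPNsense's filterlog format, and the resolver answer records are a constructed shape of the kind a passive-DNS or dnstap export would give, not Unbound's plain query log. All log lines are constructed.

```python
"""Attribute OPNsense filterlog destination IPs to domain names by correlating with
the DNS answers each client received, instead of relying on reverse DNS.

Added example; all sample data below is constructed and the field layouts are
assumptions (see lead-in), not copied from any real system.
"""
import csv
from datetime import datetime, timedelta

# Constructed filterlog lines in syslog form: "<ISO timestamp> <host> filterlog[pid]: <csv>".
# Assumed IPv4/TCP CSV layout: rulenr,subrulenr,anchor,label,interface,reason,action,
# direction,ipver,tos,ecn,ttl,id,offset,flags,protonum,protoname,length,src,dst,srcport,dstport,...
FILTERLOG_LINES = [
    "2024-10-24T21:48:25+00:00 fw filterlog[40413]: 70,,,8f1c4d2e,igb1,match,pass,in,4,0x0,,64,5001,0,DF,6,tcp,60,192.168.1.50,93.184.216.34,51234,443,0,S,1:1,,65535,,mss",
    "2024-10-24T21:48:31+00:00 fw filterlog[40413]: 70,,,8f1c4d2e,igb1,match,pass,in,4,0x0,,64,5002,0,DF,6,tcp,60,192.168.1.51,93.184.216.34,51240,443,0,S,1:1,,65535,,mss",
    "2024-10-24T21:49:02+00:00 fw filterlog[40413]: 70,,,8f1c4d2e,igb1,match,pass,in,4,0x0,,64,5003,0,DF,6,tcp,60,192.168.1.50,203.0.113.9,51250,443,0,S,1:1,,65535,,mss",
]

# Constructed resolver answer records: (timestamp, client, qname, answer IPs).
# This shape is an assumption (what a passive-DNS/dnstap export provides).
# Note the shared address: two clients resolved different names to 93.184.216.34,
# which is exactly the case reverse DNS cannot disambiguate.
DNS_ANSWERS = [
    ("2024-10-24T21:48:20+00:00", "192.168.1.50", "www.example.com", ["93.184.216.34"]),
    ("2024-10-24T21:48:29+00:00", "192.168.1.51", "cdn.example.net", ["93.184.216.34"]),
    ("2024-10-24T21:30:00+00:00", "192.168.1.50", "old.example.org", ["203.0.113.9"]),
]


def parse_filterlog(line: str) -> dict:
    """Extract the fields needed for correlation from one filterlog syslog line."""
    ts_text, _, rest = line.partition(" ")
    _, _, payload = rest.partition("]: ")          # drop "<host> filterlog[pid]"
    f = next(csv.reader([payload]))                # filterlog payload is plain CSV
    return {
        "ts": datetime.fromisoformat(ts_text),
        "label": f[3], "iface": f[4], "action": f[6], "dir": f[7],
        "proto": f[16], "src": f[18], "dst": f[19], "dport": f[21],
    }


def attribute(entries, answers, window=timedelta(minutes=10)):
    """Pair each firewall entry with the most recent DNS answer (within `window`)
    that the SAME client received containing the destination IP. Returns a list
    of (entry, qname-or-None). Keying on (client, ip) is what makes shared CDN
    addresses resolve to the name that particular client actually asked for."""
    index = {}                                     # (client, ip) -> [(ts, qname), ...]
    for ts_text, client, qname, ips in answers:
        ts = datetime.fromisoformat(ts_text)
        for ip in ips:
            index.setdefault((client, ip), []).append((ts, qname))
    for hits in index.values():
        hits.sort()                                # ascending by time
    result = []
    for e in entries:
        best = None
        for ts, qname in index.get((e["src"], e["dst"]), []):
            if ts <= e["ts"] and e["ts"] - ts <= window:
                best = qname                       # last match wins: most recent answer
        result.append((e, best))
    return result


def correlate_logs():
    """Run the correlation over the constructed sample data."""
    entries = [parse_filterlog(line) for line in FILTERLOG_LINES]
    return attribute(entries, DNS_ANSWERS)


def entries_for_domain(domain: str):
    """The thread's use case: every logged connection attributable to one domain."""
    return [e for e, qname in correlate_logs() if qname == domain]


if __name__ == "__main__":
    for e, qname in correlate_logs():
        print(f'{e["ts"].isoformat()} {e["action"]:5} {e["src"]} -> {e["dst"]}:{e["dport"]} '
              f'label={e["label"]} domain={qname or "(no recent answer)"}')
```

The third entry deliberately has no attribution: its only candidate answer is nineteen minutes old, outside the ten-minute window, so the script reports "no recent answer" rather than guessing. Tune the window to your resolver's TTLs and cache behaviour; too large a window will pin stale names onto reused addresses, which is the same failure mode as reverse DNS in a different guise.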