External IP was blocked by forum... ended up being a good learning experience

Started by DEC740airp414user, February 08, 2026, 01:55:00 PM

Ended up learning how to create alias hosts with a ton of websites, and sent them over a different gateway.

Brain got some new wrinkles this morning. thumbsup :)
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device

If you let me know the IP via PM I'll drop it from the ban list... probably from a spam account.


Cheers,
Franco

I would rather keep the spammers out. It was an IVPN WireGuard tunnel used at the time, so def a shared address.

Been wanting to set this up for a while. It's strange only a few websites still do not work; I'm guessing they don't have their domain set up correctly. No clue and not that important to me :)


Is there a way to decrease the time it checks for hostname updates under alias? Or is 5-6 minutes expected?


2026-02-09T04:58:01-05:00  Notice  firewall  resolving 199 hostnames (265 addresses) for webtowan took 0.84 seconds
2026-02-09T04:52:01-05:00  Notice  firewall  resolving 199 hostnames (274 addresses) for webtowan took 1.01 seconds
2026-02-09T04:46:01-05:00  Notice  firewall  resolving 199 hostnames (267 addresses) for webtowan took 1.03 seconds
2026-02-09T04:40:01-05:00  Notice  firewall  resolving 198 hostnames (264 addresses) for webtowan took 1.21 seconds
2026-02-09T04:34:01-05:00  Notice  firewall  resolving 198 hostnames (267 addresses) for webtowan took 0.74 seconds
2026-02-09T04:28:01-05:00  Notice  firewall  resolving 200 hostnames (266 addresses) for webtowan took 0.73 seconds
2026-02-09T04:22:01-05:00  Notice  firewall  resolving 201 hostnames (266 addresses) for webtowan took 0.91 seconds
2026-02-09T04:16:01-05:00  Notice  firewall  resolving 199 hostnames (266 addresses) for webtowan took 0.75 seconds
2026-02-09T04:10:01-05:00  Notice  firewall  resolving 200 hostnames (261 addresses) for webtowan took 0.75 seconds
2026-02-09T04:04:01-05:00  Notice  firewall  resolving 198 hostnames (259 addresses) for webtowan took 0.79 seconds
2026-02-09T03:58:01-05:00  Notice  firewall  resolving 199 hostnames (260 addresses) for webtowan took 0.83 seconds
2026-02-09T03:52:01-05:00  Notice  firewall  resolving 200 hostnames (260 addresses) for webtowan took 0.81 seconds
2026-02-09T03:46:01-05:00  Notice  firewall  resolving 199 hostnames (265 addresses) for webtowan took 1.02 seconds
2026-02-09T03:40:01-05:00  Notice  firewall  resolving 199 hostnames (263 addresses) for webtowan took 0.92 seconds
2026-02-09T03:34:01-05:00  Notice  firewall  resolving 199 hostnames (263 addresses) for webtowan took 0.74 seconds
2026-02-09T03:28:02-05:00  Notice  firewall  resolving 198 hostnames (255 addresses) for webtowan took 1.35 seconds
2026-02-09T03:22:02-05:00  Notice  firewall  resolving 200 hostnames (262 addresses) for webtowan took 1.01 seconds
2026-02-09T03:16:01-05:00  Notice  firewall  resolving 198 hostnames (266 addresses) for webtowan took 0.79 seconds

OK, makes sense.

I think the update frequency is hardcoded. Would make sense to raise a ticket to discuss this. In general the system is configurable but the GUI doesn't show.


Cheers,
Franco

Edit: I just found that it depends on Type
URL Table: Refresh Frequency

I only have 1 alias where Type = Host(s). I changed the default value here:
Firewall: Settings: Advanced
Aliases Resolve Interval [default (300s).]
my value = 14400

The new value is honored. Is this something different than the original post?
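To put numbers on the trade-off being discussed (the "resolving N hostnames" lines in the earlier post versus the Aliases Resolve Interval setting here), the following is an added example and not code from the thread or from OPNsense. It parses the firewall log lines quoted above (copied here as constructed sample input), measures the gap between consecutive resolves of the alias, reports how much the resolved address count moves between runs, and projects the DNS lookup volume at the default 300 s interval against the 14400 s value. The cost model (one query per hostname per refresh) is a deliberate simplification, and the tab-separated line layout is an assumption about how the log export is laid out.

```python
"""Parse alias-resolve notices from an OPNsense firewall log and quantify the refresh interval.

Added example, not part of the forum thread or of OPNsense itself.
Assumptions: log lines are "timestamp<TAB>severity<TAB>process<TAB>message",
and each refresh costs one DNS lookup per hostname in the alias.
"""
import re
from datetime import datetime
from statistics import mean

# Constructed sample input: five of the lines quoted in the thread, flattened
# to one tab-separated record per line.
SAMPLE_LOG = """\
2026-02-09T04:58:01-05:00\tNotice\tfirewall\tresolving 199 hostnames (265 addresses) for webtowan took 0.84 seconds
2026-02-09T04:52:01-05:00\tNotice\tfirewall\tresolving 199 hostnames (274 addresses) for webtowan took 1.01 seconds
2026-02-09T04:46:01-05:00\tNotice\tfirewall\tresolving 199 hostnames (267 addresses) for webtowan took 1.03 seconds
2026-02-09T04:40:01-05:00\tNotice\tfirewall\tresolving 198 hostnames (264 addresses) for webtowan took 1.21 seconds
2026-02-09T04:34:01-05:00\tNotice\tfirewall\tresolving 198 hostnames (267 addresses) for webtowan took 0.74 seconds
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\t(?P<sev>\w+)\t(?P<proc>\w+)\t"
    r"resolving (?P<hosts>\d+) hostnames \((?P<addrs>\d+) addresses\) "
    r"for (?P<alias>\S+) took (?P<secs>[\d.]+) seconds$"
)


def parse_log(text):
    """Return one dict per matching line, oldest entry first; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated firewall notice
        entries.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "alias": m["alias"],
            "hosts": int(m["hosts"]),
            "addrs": int(m["addrs"]),
            "secs": float(m["secs"]),
        })
    return sorted(entries, key=lambda e: e["ts"])


def observed_interval(entries):
    """Mean number of seconds between consecutive resolve runs (None if fewer than two)."""
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(entries, entries[1:])]
    return mean(gaps) if gaps else None


def address_churn(entries):
    """(min, max) resolved address count; a wide spread means the answers change run to run,
    which is exactly the traffic a long refresh interval can leave unmatched by the rule."""
    counts = [e["addrs"] for e in entries]
    return min(counts), max(counts)


def lookups_per_day(hostnames, interval_s):
    """Simplified cost model: one DNS query per hostname per refresh."""
    return hostnames * (86400 / interval_s)


def summarize(text):
    """Combine the measurements above into one report for the parsed log."""
    entries = parse_log(text)
    hosts = max(e["hosts"] for e in entries)
    return {
        "entries": len(entries),
        "interval_s": observed_interval(entries),
        "addr_min_max": address_churn(entries),
        "lookups_per_day_300": lookups_per_day(hosts, 300),
        "lookups_per_day_14400": lookups_per_day(hosts, 14400),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the resolves are 360 s apart and the address count swings between 264 and 274 across five runs, so some of the 199 names are answering with different address sets each time; that churn is the reason a rule keyed on resolved IPs can miss traffic when the interval is stretched, while the lookup projection (about 57k queries a day at 300 s versus about 1.2k at 14400 s) is the load side of the same decision.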


Quote from: vimage22 on February 11, 2026, 02:43:15 PM
Edit: I just found that it depends on Type
URL Table: Refresh Frequency

I only have 1 alias where Type = Host(s). I change the default value here:
Firewall: Settings: Advanced
Aliases Resolve Interval [default (300s).]
my value = 14400

The new value is honored. Is this something different than the original post?


Great question. I just changed my setting to 604800.

I should know fairly quickly.

Well. I didn't know that option was there; it's been 40+ minutes and a new log has not appeared.

@franco this is my fault, I'll let your team decide on that GitHub request.


At the same time, if someone thinks it's better to have a faster check for host alias update times, please educate me; I am all ears on this subject. I am not a firewall expert; I lean on the community.



Not an expert either, but can you describe what you are trying to handle at a higher level? I cannot tell from the details you provided.

Quote from: vimage22 on Today at 01:10:30 PM
Not an expert either, but can you describe what you are trying to handle at a higher level? I cannot tell from the details you provided.

Initial goal is accomplished. I was blocked from accessing this forum as I was connecting over a VPN provider.
So I created a floating rule with 300 alias hosts (websites) and am sending them out the WAN, instead of over an external VPN provider.

I am now finding 98% of websites work using this method.
Lowes.com
kroger.com
My ui.com account still says I am connected over a VPN and am blocked.

During troubleshooting, I found that the alias hosts were updating every 5 minutes; to me that is beyond excessive, but what do I know? And the Unbound DNS reporting feature was showing literal dips up and down all day long with those aliases being updated.

It was your post that helped me change the alias to check for changes once a week instead of every 5 minutes.

Overall I am a happy camper. I am just not intelligent enough to fix the issues where the few websites will not go over the WAN.

Quote from: DEC740airp414user on Today at 02:18:25 PM
300 alias hosts (websites)
Interesting. My initial reaction is it must be difficult to maintain all of these URLs. And a large company may have load balancers where the final IP may change, so your cache may not resolve it correctly. But normally, I think many websites have a stable IP. Have you considered a single rule to force 443 to capture traffic from one or more of your LAN clients to use the non-VPN gateway? And exclude 80 as it is hardly ever used?
And for the problem websites, maybe tracert, pathping and PowerShell commands might provide clues. But that is tricky if your current rule is looking only at a specific port like 443.