Dynamic DNS-Alias (e.g. github.com)

Started by moe, November 17, 2022, 03:12:15 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 17, 2022, 03:12:15 PM
Hi,
I have few hosts for developing and I wan't to isolate them from the whole internet, just only github.
So can you tell me, is there any way like on Checkpoint or Palo or some kind of firewalls to place i firewall-Rule where the destination is an objekt called *.github ?

And in the Background it makes a Reverse-Lookup for the DNS-Entrys and Puts them in the Alias-List?

Thanks for Feedback.
Kind regards
November 18, 2022, 12:56:17 AM #1
According to github, you need to create alias "github.com" and allow TCP ports 22, 80, 443, and 9418.

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
November 18, 2022, 01:14:13 AM #2
Anyways, if this is any help, for github you only need to allow traffic from IP ranges listed at:

https://api.github.com/meta

Opnsense won't be able to fetch those using the link (at least didn't work for me), but there is a way to fetch them somehow (or just add them manually if all else fails)
Print
Go Up Pages1
User actions