Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Can i create firewall rule from a wildcard dns entry
« previous
next »
Print
Pages: [
1
]
Author
Topic: Can i create firewall rule from a wildcard dns entry (Read 3709 times)
xofer
Newbie
Posts: 42
Karma: 2
Can i create firewall rule from a wildcard dns entry
«
on:
March 24, 2022, 12:23:54 pm »
I would like to define a firewall rule from a wildcard DNS entry. This can be achieved in linux iptables.
Lets consider the scenario where I would like to block all outgoing traffic from a host, but allow only *.update.microsoft.com
In linux this can be achieved in the following way:
1) client asks for somerandomstring.update.microsoft.com from dnsmasq
2) dnsmasq looks up the name, returns it to the client and adds it to an ipset list according to its whitelist
3) firewall iptables rule is configured to allow traffic according to the ipset list
ipset lists can be updated "behind the scenes" without any firewall reload.
Can something similar be achieved in opnsense pf?
Logged
Pfirepfox
Newbie
Posts: 42
Karma: 2
Re: Can i create firewall rule from a wildcard dns entry
«
Reply #1 on:
November 16, 2022, 01:02:03 pm »
Also curious about this, i have a number of hosts to insert and wildcard support would be great
Logged
xofer
Newbie
Posts: 42
Karma: 2
Re: Can i create firewall rule from a wildcard dns entry
«
Reply #2 on:
March 07, 2023, 02:43:38 pm »
Quote from: Pfirepfox on November 16, 2022, 01:02:03 pm
Also curious about this, i have a number of hosts to insert and wildcard support would be great
Somehow this is a dupe. I found a solution here:
https://forum.opnsense.org/index.php?topic=27650.0
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Can i create firewall rule from a wildcard dns entry