Wildcard Domain
-
Hello
I am trying to set up the firewall rules for Exchange hybrid.
MSFT is requesting that I allow *.outlook.office.com among others. I can't seem to find a way to get pfSense to take the wildcard in a rule.
I am running 2.6.0-RELEASE
Does anyone have any ideas as to how I get around this limitation? Thanks
John
-
@jakjr
The packet filter cannot treat domain names, but only IPs or networks. So find out which IPs you need and put them all into an alias. You can then use this alias for filtering.
This site can be helpful: Office 365 URLs and IP address ranges
They also provide a JSON list, which you can automatically request by a script to generate a networks list for pfSense.
-
Hi Viragomann
Thank you for the prompt reply. I am using that list to get the IPs, but there are sections that include IPs as well as the wildcard domains.
If you look at this section, they do not provide any IPs, only the wildcard domain:
8 Default Required *.outlook.com TCP: 443, 80
-
@jakjr said in Wildcard Domain:
that I allow *.outlook.office.com among others
This is impossible to do other than via, say, a proxy, or via DNS restrictions. It's not possible for an alias that is set to look up a specific FQDN, say every 5 minutes, to look up what amounts to an infinite possible number of combinations.
The link provided by @viragomann will list the IP blocks etc. that you should allow. They give wildcard domain info like that for people that are using a proxy or DNS-based filtering.
-
@jakjr
When you check out the JSON file, there are multiple sections, each beginning with an ID and containing a URLs subsection and an IPs subsection (containing networks).
So search for the host names or wildcard domains you need, take the networks from the corresponding sections, and build your own networks list for use in a URL alias.
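
The procedure described in this thread, as an added example that is not part of any post: pick the JSON sections whose URLs include the domains you need, collect their networks, and report sections that list no IPs at all (those can only be handled by a proxy or DNS-based filtering). The sample data is constructed, and the output format of one network per line is an assumption about what the alias file should contain.

```python
import ipaddress
import json

# Constructed sample in the shape of the JSON list (fields: id, urls, ips).
# The networks are documentation ranges, not Microsoft's real ones.
SAMPLE = json.loads("""
[
  {"id": 1, "urls": ["outlook.office.com", "outlook.office365.com"],
   "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]},
  {"id": 2, "urls": ["*.outlook.office.com"],
   "ips": ["198.51.100.0/24", "192.0.2.0/25"]},
  {"id": 8, "urls": ["*.outlook.com"]},
  {"id": 9, "urls": ["*.example.net"], "ips": ["203.0.113.0/24"]}
]
""")


def networks_for(endpoints, wanted):
    """Return (merged networks, ids of matching sections that list no IPs)."""
    wanted = {w.lower() for w in wanted}
    nets, no_ips = set(), []
    for section in endpoints:
        urls = {u.lower() for u in section.get("urls", [])}
        if not urls & wanted:
            continue  # section does not mention any domain we need
        ips = section.get("ips", [])
        if not ips:
            no_ips.append(section["id"])  # URL-only: no packet-filter rule possible
        for cidr in ips:
            nets.add(ipaddress.ip_network(cidr, strict=False))
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        merged += ipaddress.collapse_addresses(same)
    return [str(n) for n in merged], no_ips


def alias_file(networks):
    """Render the list as text, one network per line (assumed alias format)."""
    return "\n".join(networks) + "\n"


if __name__ == "__main__":
    needed = ["*.outlook.office.com", "*.outlook.com", "outlook.office.com"]
    nets, skipped = networks_for(SAMPLE, needed)
    print(alias_file(nets), end="")
    print("matching sections without IPs:", skipped)
```

Serve the generated text file from a host the firewall can reach and regenerate it on a schedule, since the published ranges change over time.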