Alias for some hosts
-
I want to make an alias for some hosts. For example, I want to make alias "YM" with these entry:
scs.msg.yahoo.com
scsa.msg.yahoo.com
scsb.msg.yahoo.com
scsc.msg.yahoo.com
webcam.yahoo.com
filetransfer.msg.yahoo.com
v1.vc.scd.yahoo.com
v2.vc.scd.yahoo.com
v3.vc.scd.yahoo.com
v4.vc.scd.yahoo.com
v5.vc.scd.yahoo.comeach host consist a lot of ip address.
In firewall rules source/destination drop down box, only consist:
any
single host or alias
network
wan address
lan subnet
pptp clients
pppoe clientsI want to use that alias in firewall rules LAN destination. How to do that?
Right now I'm using pfsense beta2. -
if i right unerstand - you must use 'single host or alias'
Alias can have any count hosts
-
In firewall rules source/destination drop down box, only consist:
single host or alias
I want to use that alias in firewall rules LAN destination. How to do that?
Right now I'm using pfsense beta2.Uhhh….I snipped all the non-relevant info. Check out the stuff in bold that you typed. I believe that answers your question.
–Bill
-
i try to input as you told me.
Firewall > Rules > LAN:
interface: LAN
protocol: TCP
source: LOCAL (alias for network 172.16.4.0/24)
port: *
destination: scs.msg.yahoo.com (single host or alias)
port: *after I click save, i have this error message:
**The following input errors were detected:
* A valid destination IP address or alias must be specified.**
So, I must input all ip address for that hostname into alias.
And I must search all ip address for more than one hostname.
Is there any workarround to easier this task? -
Resolve the urls you want to block to IPs.
Then go to Firewall>Aliases. Create a host alias and add all the IPs there. Call it "blockyahoo" or whatever you like.
Save and apply.
Tthen go to firewall>rules and add a block rule at interface LAN with source any, destination "blockyahoo".
Save and apply.In pfSense 1.1 you will be able to let the pfSense resolve the URLs by adding an URL-Type Alias but for now (v1.0) you have to do it based on the IPs.
-
hmmm… adding ip address one by one... ohhh... so many ips :'( :'( :'(
btw. when v1.1 will go out? v1.0 is still in beta series. :)
-
No planned releasedate for 1.1 yet. There is not even a complete list what we want to do with 1.1 yet (though a lot of things are already implemented but untested and there are some dev todo lists already).
-
In pfSense 1.1 you will be able to let the pfSense resolve the URLs by adding an URL-Type Alias but for now (v1.0) you have to do it based on the IPs.
Even then, it'll be limited to what DNS returns. If yahoo (to continue the example) uses a DNS load balancer such as F5's 3DNS (now GTM) product, it's unlikely that two queries will result in the same answer. Using DNS to resolve hostnames can be useful and I can see the alias name being populated with a dns entry where there's a checkbox or such that allows pfsense to auto-populate the IP, I don't however, expect us to update the alias automagically.
–Bill