Netgate Discussion Forum

    Resolving a domain in firewall rule

      packetpirate

      Is it possible to resolve a domain within a firewall rule, meaning to place a domain name instead of an IP address in a firewall rule?

      My use case is that I want to allow a Raspberry Pi only access to the internet in order to run software updates. I have it on a VLAN which blocks everything, but I want to allow it out to the server with the repository. I could resolve it myself and enter the IP in the rule; however, if the IP changes I will need to change my rule every time.

        FSC830

        Did you check if this is a solution for you:
        Alias at pfSense?

        Regards

          dma_pf @packetpirate

          @packetpirate Definitely can be done by using an alias:

          [screenshot attached]

            stephenw10 Netgate Administrator

            You probably don't want a URL alias though. That's for pulling a text file with a list of IPs or hostnames from a URL. Just use a Hosts alias and add hostnames in it.

            Steve

              bPsdTZpW @stephenw10

              @stephenw10 said in Resolving a domain in firewall rule:

              Just use a Hosts alias and add hostnames in it.

              Interesting. When do the hostnames get resolved? Presumably not every time the rule that uses them is evaluated, as the overhead would be huge.

                stephenw10 Netgate Administrator

                Every 5mins by default. See:
                https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases

                Steve

                  packetpirate @stephenw10

                  @stephenw10
                  The hosts alias worked perfectly, thank you!

                    NollipfSense @stephenw10

                    @stephenw10 said in Resolving a domain in firewall rule:

                    Every 5mins by default. See:
                    https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases

                    Steve

                    I am fascinated with pfSense...so much to learn and what it can do.

                    pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                    pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
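
Because a Hosts alias is resolved on a timer rather than per packet, the addresses the rule allows can differ from what a client resolves at that moment. The following is an added example, not code from the thread or from Netgate: it compares an alias table dump with fresh DNS answers. The alias name `repo_hosts`, the hostname `repo.example.org`, the sample addresses, and the assumption that the alias can be dumped as a pf table with `pfctl -t repo_hosts -T show` are all illustrative.

```python
import ipaddress
import socket

# Constructed sample of `pfctl -t repo_hosts -T show` output (documentation-range addresses).
SAMPLE_TABLE = """\
   192.0.2.10
   192.0.2.11
   2001:db8::10
"""

def parse_table(text):
    """Turn pf table output into a set of networks (a bare host becomes /32 or /128)."""
    return {ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()}

def resolve(hostname):
    """Resolve A and AAAA records as a client behind the firewall would."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def compare(table_text, hostnames, resolver=resolve):
    """Return (missing, stale) between the alias table and fresh DNS answers."""
    table = parse_table(table_text)
    live = {}
    for host in hostnames:
        for addr in resolver(host):
            # Drop any IPv6 zone suffix before parsing.
            live[ipaddress.ip_address(addr.split("%")[0])] = host
    # Addresses DNS hands out now that the rule would not match yet.
    missing = {str(ip): host for ip, host in live.items()
               if not any(ip in net for net in table)}
    # Table entries still allowed although no listed hostname resolves to them.
    stale = sorted(str(net) for net in table
                   if not any(ip in net for ip in live))
    return missing, stale

def constructed_resolver(hostname):
    """Stand-in DNS answer so the example runs offline (constructed data)."""
    return {"192.0.2.10", "192.0.2.20", "2001:db8::10"}

if __name__ == "__main__":
    missing, stale = compare(SAMPLE_TABLE, ["repo.example.org"], constructed_resolver)
    print("not yet in alias table:", missing)
    print("in table but no longer resolved:", stale)
```

A difference that clears within the refresh interval mentioned in the thread (5 minutes by default) is expected; one that persists suggests the hostname returns rotating records, so the allow rule will match only some of the addresses clients are sent to.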
