Resolving a domain in firewall rule
-
Is it possible to resolve a domain within a firewall rule, meaning to place a domain name instead of an IP address in a firewall rule?
My use case is that I want to allow a Raspberry Pi only access to the internet in order to run software updates. I have it on a VLAN which blocks everything, but I want to allow it out to the server with the repository. I could resolve it myself and enter the IP in the rule; however, if the IP changes I will need to change my rule every time.
-
Did you check if this is a solution for you:
Alias at pfSense?
Regards
-
@packetpirate Definitely can be done by using an alias:
-
You probably don't want a URL alias though. That's for pulling a text file with a list of IPs or hostnames from a URL. Just use a Hosts alias and add hostnames in it.
Steve
-
@stephenw10 said in Resolving a domain in firewall rule:
Just use a Hosts alias and add hostnames in it.
Interesting. When do the hostnames get resolved? Presumably not every time the rule that uses them is evaluated, as the overhead would be huge.
-
Every 5mins by default. See:
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases
Steve
-
@stephenw10
The hosts alias worked perfectly, thank you!
-
@stephenw10 said in Resolving a domain in firewall rule:
Every 5mins by default. See:
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases
Steve
I am fascinated with pfSense...so much to learn and what it can do.