Egress filtering to update.host.com instead of xx.xx.xx.xx?



  • I'm running 1.2.3-RC3 and have the pfSense book and pfSense is running very nicely in general.  The book is a big help and has answered all but one of my questions …

    My current task is to move a mail server running on XP-Pro (AltN MDaemon) behind the OPT1 interface - this has gone well except that the mail server checks some external hosts for virus updates, Spam Assassin rule updates etc.  I can allow these checks to specific IP addresses but I'd prefer to write a rule that allowed access to a URL.

    However the alias and rules all seem to want IP addresses - not URLs.  Is there a way to allow access to a URL (update.host.com)  instead of entering the IP address as xx.xx.xx.xx?

    Obviously, IP addresses can change so a rule based on allowing access to an IP address will break if the host moves.



  • Sorry, PF (the filter system) generates rules that use IP addresses.



  • OK, thanks for the quick answer - I was afraid that might be the case.  The ability to use URL's into the rules (or at least into an alias) would be a nice feature at some point in the future.

    Until that day arrives I'll hard code the IP addresses into an alias.


Log in to reply