Is there a way to specify an FQDN instead of an IP address?



  • Hi all,
    in 1.2.3 is there a way to build a rule against a fully qualified domain name of a host instead of an IP address? Let's say I want to build a rule against www.kde.org instead of all of its IP addresses. Do I have to define an alias and group each IP address there?
    Thanks.



  • Fluca,

    I kind of asked this question the other day and haven't gotten a response: http://forum.pfsense.org/index.php/topic,39549.0.html

    Basically, the topic was discussed in the past for 2.0.x to have this reverse lookup implemented and I am trying to get clarification if it is in 2.0.x, because I haven't seen anything that says it is or will be implemented.

    I've read that it creates a little overhead in the rule translation because of that extra time it takes to resolve than just an IP, but for the most part, it's pretty fast.

    So, can you do an FQDN in 1.2.3? From my usage over the past couple of years, I wouldn't think so. But... 2.0.x is possible.


  • Rebel Alliance Developer Netgate

    You can, in aliases, in 2.0. They are re-resolved periodically.

    You can also do this in 1.2.3 but in a hackish way.

    • It only works with the second or later value in an alias
    • It only resolves when the filter ruleset is (re)loaded, so basically when you save/apply. You can cron a filter reload if you really want to hack it up.


  • Thx Jimp!

    @jimp:

    You can, in aliases, in 2.0. They are re-resolved periodically.

    You can also do this in 1.2.3 but in a hackish way.

    • It only works with the second or later value in an alias
    • It only resolves when the filter ruleset is (re)loaded, so basically when you save/apply. You can cron a filter reload if you really want to hack it up.
