Whitelist wildcard domains / hosts

    Can anybody suggest a way to implement whitelisting of domains using a wildcard on the pfSense CP?

    The only discussion I can find on this subject is this thread from a few years ago:


    That thread mentions that this was done in a private build and was performing well, however I cannot find any further information on it.

    My end objective here is to use an external hosted portal that allows people to log in using Facebook/Twitter etc. and that requires me to whitelist a couple of CDNs and some other domains using a wildcard i.e. *.cloudfront.net, *.akamaihd.net etc.

    I wouldn't be against proposing a bounty to make this feature available if someone could explain a sensible way of doing this that would scale reasonably well and would be prepared to put the work into adding the support to the GUI (though frankly even if a reasonable spec box was only able to handle 1-2k clients I can just deploy multiple ones and distribute clients across them).

  • As jimp already explained (implicitly), you should intercept all DNS requests, and match them with the whitelisted domain names.
    If you have a match, the resulting IP should be fed into the allowed IP list of the portal page. You probably have to issue a redirect to your client.
    Some caching will be needed, otherwise portal access will slow down as each DNS request has to be filtered.

    This is what I should call a "bounty project".
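
A sketch of the DNS-snooping approach described in the reply above, added here as an illustration; it is not pfSense code and not code from either poster, and the class name, method names, TTL floor and sample addresses are assumptions. It matches wildcards on a label boundary only and expires each allowed IP with its DNS TTL, so a shared CDN address does not stay open indefinitely.

```python
import time

class WalledGardenAllowlist:
    """Hypothetical helper: wildcard domain patterns -> TTL-bound set of allowed IPs."""

    def __init__(self, patterns, min_ttl=60, clock=time.monotonic):
        # "*.cloudfront.net" is stored as the suffix ".cloudfront.net" (leading dot kept).
        self.suffixes = tuple(p[1:].lower() for p in patterns if p.startswith("*."))
        self.exact = {p.lower().rstrip(".") for p in patterns if not p.startswith("*.")}
        self.min_ttl = min_ttl      # floor so very short TTLs do not thrash the list
        self.clock = clock
        self.allowed = {}           # ip -> expiry timestamp (doubles as the cache)

    def matches(self, qname):
        name = qname.lower().rstrip(".")
        # The leading dot forces a label boundary: "x.cloudfront.net" matches,
        # "evilcloudfront.net" and the bare "cloudfront.net" do not.
        return name in self.exact or name.endswith(self.suffixes)

    def observe(self, qname, answers):
        """Feed one intercepted DNS response; answers is a list of (ip, ttl) pairs.
        Returns the IPs that are new and must be pushed to the portal's allowed list."""
        if not self.matches(qname):
            return []
        now, added = self.clock(), []
        for ip, ttl in answers:
            if ip not in self.allowed:
                added.append(ip)
            expiry = now + max(ttl, self.min_ttl)
            self.allowed[ip] = max(expiry, self.allowed.get(ip, 0))
        return added

    def is_allowed(self, ip):
        expiry = self.allowed.get(ip)
        if expiry is None:
            return False
        if expiry <= self.clock():   # TTL ran out: drop the entry
            del self.allowed[ip]
            return False
        return True

if __name__ == "__main__":
    wl = WalledGardenAllowlist(["*.cloudfront.net", "*.akamaihd.net"])
    # Constructed sample response (documentation address range), not captured traffic.
    print(wl.observe("d111111abcdef8.cloudfront.net.", [("203.0.113.10", 60)]))
    print(wl.is_allowed("203.0.113.10"), wl.matches("evilcloudfront.net"))
```
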

