Did wildcard aliases make it into 2.2?
-
Having read this post https://forum.pfsense.org/index.php?topic=44264.msg231443#msg231443
We do actually have support for wildcard hostnames in a private build right now, it's still under development and being tested, but it appears to work nicely. It just snoops all the DNS responses, and if you allow *.example.com it allows every IP that's returned via DNS for *.example.com. No extra overhead in doing additional DNS lookups or anything else crazy like that.
When or whether that hits the open source side, I'm not sure yet.
Did wildcard alias make it into 2.2 as they don't appear to work when I tried earlier?
-
No. That functionality still needs work, the project where we were working on it was shelved.
-
As I see this is an ongoing question throughout the years and now I am craving for it as well since I need to route all traffic to a certain address through a specific gateway. No problem to set up a firewall rule but then I struggle with the alias, which is supposed to be like "*.example.com".
Is there a workaround for this?
-
What OP is referring to is captive portal, not general aliases. It's not possible to do wildcard domains in aliases by the nature of how they function. That's something where you need a proxy.
-
Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211..) that is supposed to be accessed through a specific gateway?
-
If you know the IP addresses and/or subnet ranges, then the functionality is all in the base pfSense.
Make an Alias with 95.211.0.0/16 etc…
Then use it in firewall rules to block, or to pass and direct to a particular gateway/gateway group or traffic shape it or apply a limiter...
If you know the actual names in the subdomain then you can put all those in an Alias also:
server1.example.com
www.example.com
mail.example.com
The problem, as you are well aware, is when you do not know all the names in the subdomain.
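
The DNS-snooping approach quoted in the first post (allow every IP that a DNS response returns for `*.example.com`) can be sketched as below. This is an added Python example, not pfSense code and not the private build mentioned in the thread; the function names, the choice to follow CNAME chains, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress, struct

def read_name(msg, off, hops=0):
    """Decode a possibly compressed DNS name; return (name, next offset)."""
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:               # compression pointer
            if hops > 16:
                raise ValueError("compression loop")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            tail, _ = read_name(msg, ptr, hops + 1)
            return ".".join(l for l in labels + [tail] if l), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), off + 1

def snoop(msg, pattern):
    """Addresses a DNS response yields for names under a wildcard like *.example.com."""
    suffix = pattern.lower().lstrip("*")   # "*.example.com" -> ".example.com"
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or flags & 0x000F:   # want QR=1 and RCODE=0
        return set()
    off = 12
    for _ in range(qd):                    # skip the question section
        off = read_name(msg, off)[1] + 4
    allowed, aliases = set(), set()
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        hit = name.endswith(suffix) or name in aliases
        if hit and rtype == 5:             # CNAME: the target inherits the match
            aliases.add(read_name(msg, off)[0])
        elif hit and rtype in (1, 28):     # A / AAAA
            allowed.add(ipaddress.ip_address(msg[off:off + rdlen]))
        off += rdlen
    return allowed

# Constructed sample responses (not captured traffic), documentation addresses only.
def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
def rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
def response(qname, answers):
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    return hdr + enc(qname) + struct.pack("!HH", 1, 1) + b"".join(answers)
SAMPLE = response("www.example.com", [rr(b"\xc0\x0c", 5, enc("edge.cdn.test")),
                                      rr(enc("edge.cdn.test"), 1, bytes([192, 0, 2, 10]))])
OTHER = response("www.other.test", [rr(b"\xc0\x0c", 1, bytes([198, 51, 100, 7]))])
```

An allow list built this way is only as trustworthy as the DNS answers that pass the firewall, so the resolver path needs the same scrutiny as the rule itself.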