Netgate Discussion Forum

    Did wildcard aliases make it into 2.2?

      firewalluser

      Having read this post https://forum.pfsense.org/index.php?topic=44264.msg231443#msg231443

      We do actually have support for wildcard hostnames in a private build right now, it's still under development and being tested, but it appears to work nicely. It just snoops all the DNS responses, and if you allow *.example.com it allows every IP that's returned via DNS for *.example.com. No extra overhead in doing additional DNS lookups or anything else crazy like that.

      When or whether that hits the open source side, I'm not sure yet.

      Did wildcard aliases make it into 2.2, as they don't appear to work when I tried earlier?

      Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

        cmb

        No. That functionality still needs work, the project where we were working on it was shelved.

          fraglord

          As I see, this is an ongoing question throughout the years, and now I am craving it as well since I need to route all traffic to a certain address through a specific gateway. No problem to set up a firewall rule, but then I struggle with an alias which is supposed to be like "*.example.com".
          Is there a workaround for this?

          pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

            cmb

            What OP is referring to is captive portal, not general aliases. It's not possible to do wildcard domains in aliases by the nature of how they function. That's something where you need a proxy.

              fraglord

              Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211..) that is supposed to be accessed through a specific gateway?

              pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                phil.davis

                @fraglord:

                Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211..) that is supposed to be accessed through a specific gateway?

                If you know the IP addresses and/or subnet ranges, then the functionality is all in the base pfSense.
                Make an Alias with 95.211.0.0/16 etc…
                Then use it in firewall rules to block, or to pass and direct to a particular gateway/gateway group or traffic shape it or apply a limiter...

                If you know the actual names in the subdomain then you can put all those in an Alias also:
                server1.example.com
                www.example.com
                mail.example.com

                The problem, as you are well aware, is when you do not know all the names in the subdomain.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
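
Added example, not pfSense code and not written by any poster in this thread: the quote in the first post describes allowing every IP returned via DNS for `*.example.com`, and the last post describes putting known addresses or subnets into an alias. The Python below does both steps over a constructed list of DNS answers. The input format, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: one DNS answer per line as "<queried name> <type> <rdata>".
# This is an invented format, not the log format of any particular resolver.
SAMPLE_ANSWERS = """\
www.example.com A 192.0.2.10
mail.example.com A 192.0.2.11
cdn.example.com CNAME edge.cdn-provider.test
cdn.example.com A 198.51.100.7
api.example.com AAAA 2001:db8::5
example.com A 192.0.2.1
notexample.com A 203.0.113.66
example.com.attacker.test A 203.0.113.99
WWW.Example.COM. A 192.0.2.10
"""


def matches_wildcard(name, pattern):
    """True if name is a strict subdomain covered by a '*.suffix' pattern."""
    if not pattern.startswith("*."):
        raise ValueError("pattern must look like *.example.com")
    suffix = pattern[1:].lower().rstrip(".")      # ".example.com"
    name = name.lower().rstrip(".")
    # Keeping the leading dot forces a label boundary, so "notexample.com"
    # and "example.com.attacker.test" do not match.
    return name.endswith(suffix) and len(name) > len(suffix)


def addresses_for(pattern, answers):
    """Collect A/AAAA addresses whose queried name matches pattern, as CIDRs."""
    found = set()
    for line in answers.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                               # skip malformed lines
        qname, rtype, rdata = fields
        if rtype not in ("A", "AAAA") or not matches_wildcard(qname, pattern):
            continue
        try:
            found.add(ipaddress.ip_address(rdata))
        except ValueError:
            continue                               # rdata was not an address
    nets = []
    for version in (4, 6):                         # collapse per address family
        same = [ipaddress.ip_network(str(a)) for a in found if a.version == version]
        nets.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in nets]
```

The result covers only names that were actually resolved and observed, which is the limitation the last post points out for names you do not know in advance.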
