Date: Wed, 11 Aug 2021 17:20:07 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Nathaniel Nigro <nathaniel.nigro@gmail.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Can ipfw Rules Be Based On DNS Name
Message-ID: <CAHu1Y73n9Ybmm9Ghe2MZNepf+6+Mi8FH8nn=BMCUyoa5r9QPBA@mail.gmail.com>
In-Reply-To: <CAD=pOf=85A5kFp1PEN72QdJs5G7tpr_daFMuHqy65bX+78oHsg@mail.gmail.com>
References: <ac332bfe-314a-ac76-eeb4-f0111bac4d0d@tundraware.com> <CAD=pOf=85A5kFp1PEN72QdJs5G7tpr_daFMuHqy65bX+78oHsg@mail.gmail.com>
On Wed, Aug 11, 2021 at 4:38 PM Nathaniel Nigro <nathaniel.nigro@gmail.com> wrote:

> Ipfw -q add 111 deny udp from (domain) to any(or local ip) (port) in via

No. You can add a rule for a FQDN, but that's only resolved at the time you add the rule. It's just an IP address in the firewall ruleset.

You can maintain a table of addresses, and check that with a single rule. You can add and delete CIDR blocks and IPv6 prefixes without changing the ruleset or restarting the firewall.

How you might do that is a non-trivial problem. How do you find all the IP addresses associated with a particular domain?
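One way to implement the table approach Michael describes, as an added example that is not part of the thread: a FreeBSD sh script that resolves a domain's A and AAAA records with host(1), diffs them against an ipfw lookup table, and adds or deletes only the changed entries, so a single rule referencing the table stands in for the per-domain rule. The table name blocked_hosts, rule number 111 and the domain are assumptions, and the named-table syntax needs FreeBSD 11 or later.

```sh
#!/bin/sh
# Added example, not from the thread: keep an ipfw lookup table in sync with
# a domain's current A/AAAA records so that one rule referencing the table
# replaces a "deny from <domain>" rule. TABLE, RULE_NUM and the domain are
# assumptions; needs the named-table syntax of FreeBSD 11+ and root for ipfw.
TABLE="blocked_hosts"
RULE_NUM=111

# parse_host_output: read host(1) output on stdin, print bare addresses.
# host prints "name has address 192.0.2.10" and "name has IPv6 address
# 2001:db8::10"; alias lines and lookup errors are ignored.
parse_host_output() {
    awk '$2 == "has" && $3 == "address" { print $4 }
         $2 == "has" && $3 == "IPv6" && $4 == "address" { print $5 }'
}

# table_diff CURRENT_FILE WANTED_FILE: one address per line in each file.
# Prints the ipfw commands that add missing and delete stale entries, so the
# ruleset is untouched and the table is never flushed (no open window).
table_diff() {
    cur_s=$(mktemp); want_s=$(mktemp)
    sort -u "$1" >"$cur_s"; sort -u "$2" >"$want_s"
    comm -13 "$cur_s" "$want_s" | sed "s|^|ipfw table $TABLE add |"
    comm -23 "$cur_s" "$want_s" | sed "s|^|ipfw table $TABLE delete |"
    rm -f "$cur_s" "$want_s"
}

# setup_rule: one-time creation of the table and the single rule using it.
setup_rule() {
    ipfw table "$TABLE" create type addr 2>/dev/null
    ipfw -q add "$RULE_NUM" deny udp from "table($TABLE)" to any in
}

# sync_table DOMAIN: resolve, diff against the live table, apply the delta.
# Meant for cron; a failed lookup leaves the table as it was, not emptied.
sync_table() {
    cur=$(mktemp); want=$(mktemp)
    # "ipfw table X list" prints "addr/len value"; reduce to bare addresses
    ipfw table "$TABLE" list 2>/dev/null | awk '{ print $1 }' \
        | sed 's|/32$||; s|/128$||' >"$cur"
    { host -t A "$1"; host -t AAAA "$1"; } 2>/dev/null | parse_host_output >"$want"
    if [ ! -s "$want" ]; then rm -f "$cur" "$want"; return 1; fi
    table_diff "$cur" "$want" | sh
    rm -f "$cur" "$want"
}

case "${1:-}" in
    setup) setup_rule ;;
    sync)  sync_table "${2:?usage: $0 sync DOMAIN}" ;;
esac
```

This only ever sees the addresses your resolver hands back at each run, which is exactly the non-trivial part Michael points at: round-robin and geo-distributed answers mean the table tracks a sample of the domain's addresses, not all of them.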