Can ipfw Rules Be Based On DNS Name
Michael Sierchio
kudzu at tenebras.com
Thu Aug 12 00:20:45 UTC 2021
On Wed, Aug 11, 2021 at 4:38 PM Nathaniel Nigro <nathaniel.nigro at gmail.com> wrote:
> Ipfw -q add 111 deny udp from (domain) to any(or local ip) (port) in via
>
No. You can add a rule for a FQDN, but that's only resolved at the time
you add the rule. It's just an IP address in the firewall ruleset.
You can maintain a table of addresses, and check that with a single rule.
You can add and delete CIDR blocks and IPv6 prefixes without changing the
ruleset or restarting the firewall. How you might do that is a non-trivial
problem. How do you find all the IP addresses associated with a particular
domain?
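An added illustration of the table approach described above (example code, not part of the original message): one fixed rule that references an ipfw address table, plus a script that resolves a name with host(1) and emits only the `table add`/`table delete` commands needed to bring the table in line with the current answers, so the ruleset is never reloaded. The table name BLOCKED, interface em0 and rule number 111 are assumptions; the sample resolver output and table contents are constructed, not real query results. It uses the FreeBSD 11+ named-table syntax.

```shell
#!/bin/sh
# Added example (not from the original post): keep an ipfw address table in
# step with whatever a name currently resolves to, so the ruleset itself
# never changes. Table name BLOCKED, interface em0 and rule 111 are assumptions.
export LC_ALL=C
TABLE=${TABLE:-BLOCKED}
IFACE=${IFACE:-em0}

# One-time setup: create the table and a single rule that references it.
# The rule stays fixed; only the table contents change afterwards.
# (Review the printed commands, then run them as root.)
setup_commands() {
    printf 'ipfw table %s create type addr\n' "$TABLE"
    printf 'ipfw -q add 111 deny udp from "table(%s)" to any in via %s\n' "$TABLE" "$IFACE"
}

# Read host(1) output on stdin and print each A/AAAA answer as a host prefix.
# This is only what the resolver returned for this one query: a name behind
# a CDN or round-robin DNS can answer differently next time, and nothing
# here discovers addresses the resolver did not hand back.
parse_host_output() {
    awk '/ has address /      { print $NF "/32" }
         / has IPv6 address / { print $NF "/128" }' | sort -u
}

# Live lookup (needs network; not used by the offline demo below).
resolve_name() {
    { host -t A "$1"; host -t AAAA "$1"; } 2>/dev/null | parse_host_output
}

# Current table contents: first column of "ipfw table NAME list" (needs root).
current_entries() {
    ipfw table "$1" list | awk 'NF { print $1 }'
}

# table_plan TABLE CURRENT_FILE DESIRED_FILE: print the add/delete commands
# that move the table from CURRENT to DESIRED, leaving unchanged entries alone.
table_plan() {
    tp_name=$1
    tp_cur=$(mktemp) || return 1
    tp_want=$(mktemp) || return 1
    sort -u "$2" >"$tp_cur"
    sort -u "$3" >"$tp_want"
    comm -13 "$tp_cur" "$tp_want" | sed "s|^|ipfw -q table $tp_name add |"
    comm -23 "$tp_cur" "$tp_want" | sed "s|^|ipfw -q table $tp_name delete |"
    rm -f "$tp_cur" "$tp_want"
}

# Constructed sample data for the offline demo: a pretend host(1) transcript
# and a pretend current table. Neither is a real query result.
SAMPLE_HOST_OUTPUT='ads.example.invalid has address 192.0.2.11
ads.example.invalid has address 192.0.2.10
ads.example.invalid has IPv6 address 2001:db8::10
ads.example.invalid mail is handled by 10 mx.example.invalid.'
SAMPLE_CURRENT='192.0.2.10/32
198.51.100.5/32'

# Offline demo: print the setup and the plan for the constructed data.
# On a live system, replace the two printf lines with
#   current_entries "$TABLE" >"$d_cur"; resolve_name ads.example.invalid >"$d_want"
demo() {
    d_cur=$(mktemp) || return 1
    d_want=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_CURRENT" >"$d_cur"
    printf '%s\n' "$SAMPLE_HOST_OUTPUT" | parse_host_output >"$d_want"
    setup_commands
    table_plan "$TABLE" "$d_cur" "$d_want"
    rm -f "$d_cur" "$d_want"
}

demo
```

Run the plan output through `sh` (as root) from cron or a periodic(8) script; entries that are already present are neither deleted nor re-added, so the table stays consistent while packets keep flowing. The caveat Michael raises still applies: this only tracks the addresses your resolver returns at each run, not every address the domain might use.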