pfSense Gold Subscription

Author Topic: Did wildcard aliases make it into 2.2?  (Read 1617 times)

0 Members and 1 Guest are viewing this topic.

Offline firewalluser

  • Hero Member
  • *****
  • Posts: 862
  • Karma: +20/-15
    • View Profile
Did wildcard aliases make it into 2.2?
« on: January 23, 2015, 05:10:50 pm »
Having read this post https://forum.pfsense.org/index.php?topic=44264.msg231443#msg231443
Quote
We do actually have support for wildcard hostnames in a private build right now, it's still under development and being tested, but it appears to work nicely. It just snoops all the DNS responses, and if you allow *.example.com it allows every IP that's returned via DNS for *.example.com. No extra overhead in doing additional DNS lookups or anything else crazy like that.

When or whether that hits the open source side, I'm not sure yet.

Did wildcard alias make it into 2.2 as they dont appear to work when I tried earlier?
Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

Asch Conformity, mainly the blind leading the blind.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Did wildcard aliases make it into 2.2?
« Reply #1 on: January 23, 2015, 07:26:04 pm »
No. That functionality still needs work, the project where we were working on it was shelved.

Offline fraglord

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +1/-0
    • View Profile
Re: Did wildcard aliases make it into 2.2?
« Reply #2 on: February 11, 2015, 08:24:48 pm »
As I see this is an ongoing question throughout the years and now I am craving for it as well since I need to route all traffic to a certain address through a specific gateway. No problem to set up a firewall rule but then I struggle with alias which supposed to be like "*.example.com".
Is there a workaround for this?
pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +894/-7
    • View Profile
    • Chris Buechler
Re: Did wildcard aliases make it into 2.2?
« Reply #3 on: February 11, 2015, 08:32:27 pm »
What OP is referring to is captive portal, not general aliases. It's not possible do to wildcard domains in aliases by the nature of how they function. That's something where you need a proxy.

Offline fraglord

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +1/-0
    • View Profile
Re: Did wildcard aliases make it into 2.2?
« Reply #4 on: February 11, 2015, 08:44:48 pm »
Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211.*.*) that is supposed to be accessed through a specific gateway?
pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: Did wildcard aliases make it into 2.2?
« Reply #5 on: February 11, 2015, 11:25:04 pm »
Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211.*.*) that is supposed to be accessed through a specific gateway?
If you know the IP addresses and/or subnet ranges, then the functionality is all in the base pfSense.
Make an Alias with 95.211.0.0/16 etc...
Then use it in firewall rules to block, or to pass and direct to a particular gateway/gateway group or traffic shape it or apply a limiter...

If you know the actual names in the subdomain then you can put all those in an Alias also:
server1.example.com
www.example.com
mail.example.com

The problem, as you are well aware, is when you do not know all the names in the subdomain.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/