FQDN in Packet Filter
by Rajasekhar Bhumireddy from LinuxQuestions.org on (#5N9JK)
I want to restrict access to specific public domain names from my machine.
To achieve this, I am providing fully qualified domain names in a packet filter rule.
For example:
pass out on <interface> inet from <myip> to example.com
pass in on <interface> inet from example.com to <myip>
What I understood from the OpenBSD user guide is: "A fully qualified domain name that will be resolved via DNS when the ruleset is loaded. All resulting IP addresses will be substituted into the rule."
I have a few queries about this:
1. IPs are substituted into the rule while loading the ruleset; what if the domain name's IP changes after loading?
2. Is this FQDN option in a pf rule only for static IPs?
3. Does it consider the IP dynamicity of the domain name?
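The following is an added example, not code from the original post or from OpenBSD's pf. It emulates what pfctl does with a hostname when the ruleset is loaded (the name is expanded once into one rule per resolved address, restricted to the rule's address family, and never re-resolved until the next pfctl -f), and it shows the usual way to track a name whose addresses change: reference a persistent pf table in the rules and replace the table's contents from a periodic job with pfctl -t ... -T replace, which does not require reloading the ruleset. The interface em0, the local address 192.0.2.10, the table name allowed_fqdn and the resolved addresses used in the offline demo are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: emulate what pfctl does with an
# FQDN at ruleset load, and the usual workaround (a pf table refreshed from cron).
#
# Assumptions (hypothetical, not in the post): interface em0, local address
# 192.0.2.10, table name "allowed_fqdn". pf.conf fragment for the table approach:
#
#   table <allowed_fqdn> persist
#   pass out on em0 inet from 192.0.2.10 to <allowed_fqdn>
#   pass in  on em0 inet from <allowed_fqdn> to 192.0.2.10
#
# "persist" keeps the table even when no rule references it; its contents are
# then swapped by refresh_table below without reloading the ruleset.

# expand_rule TEMPLATE ADDR... : what pfctl does when it parses a rule that
# names a host. TEMPLATE uses the token FQDN where the hostname was written;
# one rule per resolved address is printed, restricted to the rule's address
# family ("inet" keeps only IPv4, "inet6" only IPv6, neither keeps both).
# The result is frozen from this point on: nothing re-resolves the name until
# the next "pfctl -f /etc/pf.conf".
expand_rule() {
    template=$1; shift
    case " $template " in
        *" inet6 "*) family=6 ;;
        *" inet "*)  family=4 ;;
        *)           family=any ;;
    esac
    for addr in "$@"; do
        case "$addr" in
            *:*) af=6 ;;
            *)   af=4 ;;
        esac
        [ "$family" = any ] || [ "$family" = "$af" ] || continue
        printf '%s\n' "$template" | sed "s|FQDN|$addr|"
    done
}

# resolve_all NAME : every A and AAAA record for NAME, one per line, via dig(1)
# or host(1). CNAME targets and other non-address output are filtered out.
# Does real DNS; the offline demo below does not call it.
resolve_all() {
    name=$1
    {
        if command -v dig >/dev/null 2>&1; then
            dig +short A "$name"; dig +short AAAA "$name"
        else
            host "$name" | awk '/has address/ {print $4} /has IPv6 address/ {print $5}'
        fi
    } | grep -E '^([0-9]+(\.[0-9]+){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:]*)$' || true
}

# refresh_table TABLE NAME... : re-resolve the names now and atomically replace
# TABLE's contents with the result. Run as root from cron, for example:
#   */5 * * * * /usr/local/sbin/refresh_table.sh
# If nothing resolves (resolver down, NXDOMAIN) the table is left as it was
# rather than emptied, which would otherwise silently cut off every host.
refresh_table() {
    table=$1; shift
    addrs=$(for n in "$@"; do resolve_all "$n"; done)
    if [ -z "$addrs" ]; then
        echo "refresh_table: no addresses resolved; leaving <$table> unchanged" >&2
        return 1
    fi
    # shellcheck disable=SC2086
    pfctl -t "$table" -T replace $addrs
}

# Offline demonstration with constructed sample data: pretend example.com
# resolved to two A records and one AAAA record when the ruleset was loaded.
SAMPLE_ADDRS="203.0.113.7 203.0.113.8 2001:db8::1"

demo() {
    # shellcheck disable=SC2086
    expand_rule "pass out on em0 inet from 192.0.2.10 to FQDN" $SAMPLE_ADDRS
    # shellcheck disable=SC2086
    expand_rule "pass in on em0 inet from FQDN to 192.0.2.10" $SAMPLE_ADDRS
}

demo
```

Running the demo prints two "pass out" and two "pass in" rules, one per IPv4 address; the AAAA record is dropped because the rules say inet. Whatever example.com resolves to later is irrelevant to the loaded ruleset, which is why the refresh_table job with a table is the practical answer when the name's addresses are not static.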