Add domain A records to firewall rule

atomicbox
Forum User
Posts: 5
Joined: Fri Feb 20, 2015 8:59 am
Location: Portugal


How could we add all related A records of a domain to firewall rules?

Something like allow outbound on:

Name: db.us.big.clamav.net
200.236.31.1/32, 155.98.64.87/32, 194.8.197.22/32, 69.12.162.28/32, etc...

We can add the IPs once but if they change over time there's no way to automatically update them.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Add domain A records to firewall rule


You can, but they aren't really dynamic. What netfilter will do is resolve that domain to an IP when the policy is loaded; it won't change if the hostname changes unless you reload the firewall policy again.
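
An added example, not part of the thread and not Atomicorp's own tooling: one common way to work around load-time resolution is to have the rule match an ipset and refresh that set from DNS on a schedule. The set name `clamav_mirrors`, the `--apply` flag and the use of cron are assumptions; it requires `ipset` and root to apply.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: set "clamav_mirrors",
# flag "--apply". The default hostname is the one quoted in the question.
SET=clamav_mirrors

# Keep only well-formed IPv4 addresses from stdin, de-duplicated.
valid_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# Read addresses on stdin and print an "ipset restore" script that fills a
# temporary set and swaps it into place, so the live set is never half-built.
# Returns 1 and prints nothing when no valid address was supplied, so a
# failed lookup cannot empty the set the firewall is matching on.
build_restore() {
    name="$1"; tmp="$1-tmp"
    ips=$(valid_ipv4)
    [ -n "$ips" ] || return 1
    printf 'create %s hash:ip family inet\n' "$name" "$tmp"
    printf 'flush %s\n' "$tmp"
    printf '%s\n' "$ips" | sed "s/^/add $tmp /"
    printf 'swap %s %s\n' "$tmp" "$name"
    printf 'destroy %s\n' "$tmp"
}

# After the first --apply run has created the set, add one rule that
# references the set instead of a hostname:
#   iptables -A OUTPUT -m set --match-set clamav_mirrors dst -j ACCEPT
# Later --apply runs (e.g. from cron) change the set, not the rule.
if [ "${1:-}" = "--apply" ]; then
    host="${2:-db.us.big.clamav.net}"
    script=$(getent ahostsv4 "$host" | awk '{print $1}' | build_restore "$SET") || {
        echo "no A records for $host; $SET left unchanged" >&2
        exit 1
    }
    printf '%s\n' "$script" | ipset -exist restore
fi
```

The set only reflects what the local resolver returned at the last run, so the refresh interval should be no longer than the record's TTL.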