On Sun, 22 Apr 2007 10:59:00 -0500, Rob Terhaar wrote
> don't think this is possible, or a good idea either.
> 
> On 4/21/07, Volker Kuhlmann <[EMAIL PROTECTED]> wrote:
> > What options are there for creating rules with a hostname which resolves
> > to a dynamic IP address? I'd like to allow one host inbound
> > access on a tcp port, but that host doesn't have a static IP. Unless
> > there's a magic mechanism I don't know about, at least part of the rules
> > would have to be reloaded when the host's IP address changes. Doing that
> > wouldn't be a problem, nor would it be a problem if there was a 2h
> > blackout period when the IP changed but the rules weren't reloaded yet.
> >
> > How could this be achieved with pfsense? I'm not averse to a bit of
> > shell scripting if necessary.
> >
> > Thanks,
> >
> > Volker
> >
> > --
> > Volker Kuhlmann
> > http://volker.dnsalias.net/     Please do not CC list postings to me.
> >
> > ---------------------------------------------------------------------

Hello!

I asked the same thing some months ago. The developer team (Scott Ullrich) said 
it is not a good idea to have rules based on name resolution. I agree, it is 
very easy to poison/hack name resolution ...

The solution is to use OpenVPN. With OpenVPN you can ensure the entity for the 
inbound connection. I use it at home to connect my computer (with a dynamic 
Internet address) to my job LANs "firewalled" with pfSense.

The latest snapshot is necessary to ensure OpenVPN stability:

http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2

Regards,

Josep Pujadas



