On Tue, May 06, 2008 at 12:47:24PM +0300, Vitaliy Vladimirovich wrote:
> Hi!  
> How can I specify dst_addr in my rule for all subdomains of server? E.g. 
> example1.server.com, example2.server.com and so on.  
>   
> Something like this:  
>   
> pass out on sk0 inet proto tcp from $MY_LAN to *.example.org port www  

What you want is basically a layer 7 filter -- pf does not do that.

If all the machines within *.example.org are within a specific network
block (e.g. 20.30.40.0/24), then you can use that CIDR netblock instead
of *.example.org in your above example.  But you cannot use wildcards
for domains.  All hostnames given as a dst/src address will be resolved
first.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
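
An added example, not part of the original thread: before swapping `*.example.org` for the CIDR block as the reply suggests, check that every known host really sits inside it, then emit the pf.conf lines. The hostname-to-address map is constructed sample data standing in for DNS lookups, and the table name `example_org` and both function names are hypothetical.

```python
import ipaddress

# Constructed sample data: hostnames under example.org and the IPv4 addresses
# they resolve to. An offline stand-in for real DNS lookups.
RESOLVED = {
    "example1.example.org": ["20.30.40.11"],
    "example2.example.org": ["20.30.40.12", "20.30.40.13"],
    "cdn.example.org": ["198.51.100.7"],  # constructed outlier outside the block
}


def split_by_netblock(resolved, cidr):
    """Split hostname -> addresses into (inside, outside) relative to cidr."""
    net = ipaddress.ip_network(cidr)
    inside, outside = {}, {}
    for host, addrs in sorted(resolved.items()):
        for addr in addrs:
            bucket = inside if ipaddress.ip_address(addr) in net else outside
            bucket.setdefault(host, []).append(addr)
    return inside, outside


def render_pf(cidr, outside, iface="sk0", table="example_org"):
    """Build pf.conf lines: one table holding the netblock plus any outliers.

    Outlier addresses are pinned as literals, so they go stale if DNS changes;
    pf matches on addresses only and never sees the hostname in the packet.
    """
    outliers = sorted(
        {a for addrs in outside.values() for a in addrs},
        key=ipaddress.ip_address,
    )
    entries = ", ".join([cidr] + outliers)
    return [
        "table <%s> const { %s }" % (table, entries),
        "pass out on %s inet proto tcp from $MY_LAN to <%s> port www"
        % (iface, table),
    ]


if __name__ == "__main__":
    inside, outside = split_by_netblock(RESOLVED, "20.30.40.0/24")
    for host, addrs in outside.items():
        print("# outside netblock: %s -> %s" % (host, ", ".join(addrs)))
    print("\n".join(render_pf("20.30.40.0/24", outside)))
```
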
