I would make those rules have a table, and a cronjob to feed the table with the current ips that these hostnames resolve to. But of course, that implies you trust the replies you get all the time from that cronjob.
2017-05-03 22:16 GMT+02:00 Luke Small <lukensm...@gmail.com>: > Is it worthwhile to set up a hook for pf to load rules that have URLs after > the network services that can resolve them come into effect? > -- May the most significant bit of your life be positive.
