Feature #1901
Maintain IP range tables for popular Internet sites (closed)
Description
The current version of pfSense includes the filterdns daemon, which periodically resolves any FQDN in aliases into IPs. But this won't work for websites that return a different set of IPs on each DNS request, so the current solution seems to be doing URL filtering via a proxy like Squid+squidGuard. However, this is of little help when a company has moved their email to Google and needs to access its servers via IMAP and wants to whitelist all Google's IPs. This scenario will come up more often, as companies migrate to SaaS and the cloud.
A solution would be for pfSense to automatically keep track of certain sites' IP ranges (e.g. Google Apps). This info can be obtained via whois or DNS.
E.g. Google's ASN is 15169 (https://www.dan.me.uk/bgplookup?asn=15169), or via DNS lookup of the SPF record, as Google suggests on the "Google IP address ranges" page (http://www.google.com/support/a/bin/answer.py?answer=60764):
$ host -t txt _spf.google.com
_spf.google.com descriptive text "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
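The lookup above, turned into alias entries: an added example, not part of the original request and not pfSense code. It parses the SPF TXT answer into validated CIDR ranges, merges overlapping ones, and reports what changed between two refreshes. The function names (`parse_spf`, `collapse`, `alias_diff`) are hypothetical, and `include:` targets are only returned to the caller, which is assumed to resolve them with further TXT lookups.

```python
import ipaddress
import re

# TXT answer quoted in the request above (output of `host -t txt _spf.google.com`).
SAMPLE_TXT = (
    '_spf.google.com descriptive text "v=spf1 ip4:216.239.32.0/19 '
    'ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 '
    'ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 '
    'ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"'
)

def parse_spf(txt):
    """Return (networks, includes) from the text of an SPF TXT answer."""
    # A TXT record longer than 255 bytes arrives as several quoted chunks,
    # which are concatenated without a separator.
    chunks = re.findall(r'"([^"]*)"', txt)
    terms = ("".join(chunks) if chunks else txt).split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, includes = [], []
    for term in terms[1:]:
        # Drop the qualifier (+ - ~ ?), then split mechanism name from value.
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version != int(name[2]):
                raise ValueError(f"address family mismatch in {term!r}")
            nets.append(net)
        elif name == "include":
            includes.append(value)  # needs its own TXT lookup by the caller
    return nets, includes

def collapse(nets):
    """Merge overlapping or adjacent ranges, IPv4 first, then IPv6."""
    out = []
    for version in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def alias_diff(old, new):
    """Return (added, removed) CIDR strings between two refreshes."""
    old_s, new_s = {str(n) for n in old}, {str(n) for n in new}
    return sorted(new_s - old_s), sorted(old_s - new_s)

if __name__ == "__main__":
    nets, includes = parse_spf(SAMPLE_TXT)
    for net in collapse(nets):
        print(net)
```

Logging the `alias_diff` result on every refresh leaves a record of when the allowed ranges changed and by how much.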