Project

General

Profile

Bug #8531

URL Table aliases don't support FQDNs or names that return >1 IP

Added by Luke Hamburg about 1 year ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
05/21/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

In my testing (pfSense 2.4.3-p1 as well as 'master') the only Alias type that supports FQDNs is "Host". This is limiting. One of the things I want to be able to do with aliases is to centrally distributing white- or black-lists containing a mix of IPs, subnets, and FQDNs. Some of these FQDNs may return multiple IPs, or a mix of IPv4 and IPv6 records, e.g.

$ dig +short cnn.com A cnn.com AAAA
151.101.1.67
151.101.193.67
151.101.129.67
151.101.65.67
2a04:4e42::323
2a04:4e42:200::323
2a04:4e42:400::323
2a04:4e42:600::323

I created a quick patch that enables URL Table aliases to return a mix of IPv4/IPv6 entries as well as accomodate multiple entries per FQDN. I did very limited testing with this but "it works for me". Before I submit a PR could someone please comment? Please go easy on me it's been a year since I've touched pfSense code...

Patch is below:
https://github.com/luckman212/pfsense/commit/08769cb1ee9c5e257b65f33583b55383bcbb03fe

History

#1 Updated by Luke Hamburg about 1 year ago

I added timeout values to the dig command, but rather than 2 separate commits for this tiny patch, I made a new branch that has them squashed:
https://github.com/luckman212/pfsense/commit/063fa3a4a0832da86f9076040417903aa5d4ca7c

#2 Updated by Luiz Souza 8 months ago

  • Assignee set to Luiz Souza
  • Target version set to 48

#3 Updated by Luke Hamburg 8 months ago

Also, I should probably redo this patch in pure PHP and use dns_get_record() http://php.net/manual/en/function.dns-get-record.php instead of shell functions to avoid the forking.

#4 Updated by Jim Pingle 2 months ago

  • Target version changed from 48 to 2.5.0

Also available in: Atom PDF