I use a digital signage service that is doing some updates that will require me to add host names so that I can communicate with their services. These will all be outbound connections from me to them. I don’t see a way to add any.networkname.com to the firewall rules. I have tried and I keep getting an error of “Invalid Destination IP address”. I have attached the information that I received about the updates. Maybe I am in the wrong section, but I feel like this would be creating rules for the firewall and not port forwarding.
The firewall functions at the transport layer of the OSI stack. DNS resolution operates above that layer, which means it can’t be managed by the firewall in its current form. Your options are to either create a rule using the corresponding IP address and port, or utilize a different tool that operates at the required level of the stack. This means employing a proxy level tool, such as Access Control Lists. However, implementing this would require you to enforce proxy usage among your users by blocking all direct traffic that doesn’t pass through Squid, and guiding your users in configuring their browsers to use IPFire as a proxy.
@kclark
Outgoing connections on 80 and 443. So no strange exotic ports, and they are outgoing.
You have the IP list of those domains and sub domains?
104.20.38.199 cms.embedsignage.com
104.20.38.199 devices.embedsignage.com
134.213.3.68 app.embedsignage.com
134.213.210.78 analytics.embedsignage.com
134.213.210.78 websockets.embedsignage.com
162.13.152.25 embedsignage.com
162.13.152.25 embed.cloud
94.236.56.96 storage101.lon3.clouddrive.com
??? rackcdn.com
Make sure they are not blocked by pinging the IP and the name, and that they are resolved by name.
Make sure that they were not cached by the proxy.
Make sure they are whitelisted in the URL filter.
Make sure they were not blocked by the IDS. You are able to whitelist the IP for the time of use.
If you need to permit domain name to IP, e.g. in a security manner, then add those to the DNS of IPFire as Hosts or as DNS Forward.
BR
Trash
You can add them to hosts under Firewall->Firewall Groups. There you can define individual hosts and group them together as a Host Group to refer to all of them at once in the firewall rules section. While the host definition accepts either IP or MAC addresses, the latter can’t be used for outgoing connections. But this is only a convenience, as it won’t resolve the hostnames from your internal net! All it does is tell the firewall that the mentioned hostnames designate the respective IP addresses. If you want to resolve the FQDN you’ll have to add them to the hosts under Network->Hosts.
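Added example, not part of any post in this thread: because the firewall rules and host groups discussed above hold fixed IP addresses, they stop matching if the provider's DNS records change. This sketch parses the hosts-format list posted above and reports names whose current DNS answers differ from the pinned addresses; the function names and the report layout are assumptions made for illustration.

```python
import socket

# Hosts-format list as posted in this thread ("???" marks the unresolved entry).
PINNED = """\
104.20.38.199 cms.embedsignage.com
104.20.38.199 devices.embedsignage.com
134.213.3.68 app.embedsignage.com
134.213.210.78 analytics.embedsignage.com
134.213.210.78 websockets.embedsignage.com
162.13.152.25 embedsignage.com
162.13.152.25 embed.cloud
94.236.56.96 storage101.lon3.clouddrive.com
??? rackcdn.com
"""

def parse_pinned(text):
    """Return {hostname: set of pinned IPs}; skip blanks, comments and '???' rows."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] == "???":
            continue
        for name in fields[1:]:
            pinned.setdefault(name.lower(), set()).add(fields[0])
    return pinned

def system_resolver(name):
    """Current IPv4 addresses for name; empty set if resolution fails."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_drift(pinned, resolve=system_resolver):
    """Report hosts whose DNS answers no longer match the pinned rule addresses."""
    report = {}
    for name, ips in sorted(pinned.items()):
        current = resolve(name)
        if not current:
            report[name] = {"status": "unresolved", "new": [], "stale": []}
        elif current != ips:
            report[name] = {"status": "changed", "new": sorted(current - ips),
                            "stale": sorted(ips - current)}
    return report

if __name__ == "__main__":
    for host, diff in find_drift(parse_pinned(PINNED)).items():
        print(host, diff["status"], "add:", diff["new"], "no longer returned:", diff["stale"])
```

An address listed under "add" is one that DNS currently returns but the IP-based rule would not allow, which is the case to review before the signage players lose connectivity.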