
This will work, from the docs:

    sudo ufw allow proto tcp from 192.168.0.2 to any port 22

But... will this work?

    sudo ufw allow proto tcp from foo.bar.com to any port 22

I am using Ubuntu 12.04.

Tampa

1 Answer


Apparently not

    sudo ufw allow proto tcp from 192.168.254.13 to any port 22
    Rule added

then

    sudo ufw allow proto tcp from foo.bar.com to any port 22
    ERROR: Bad source address

UFW is just a front end to netfilter/iptables, which will take a name and convert it to an address; however, this is not good practice, as the name is only resolved when the rule is added and changes are not notified to netfilter.

user9517
What's the proper solution to this problem that doesn't involve resorting to a layer 7 switch or something external to the local machine? I've been looking at Squid, but for HTTPS traffic there doesn't seem to be a way to force clients to use Squid. (I'm thinking of Google Chrome in this case.) And `/etc/hosts` is also ignored for HTTPS traffic. – hourback Apr 04 '14 at 00:20
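
The answer above notes that a name is resolved only once, when the rule is added. One way to keep source-restricted rules current is to re-resolve the name on a schedule and reconcile the ufw rules; the script below is an added example (not from the post or from ufw), and `STATE_DIR`, `PORT`, `APPLY`, the state-file layout and all function names are its own assumptions.

```shell
#!/bin/sh
# Added example: re-resolve a hostname and reconcile ufw allow rules with it.
# STATE_DIR, PORT, APPLY and all function names are assumptions of this example.
STATE_DIR="${STATE_DIR:-/var/lib/ufw-dns}"   # hypothetical state location
PORT="${PORT:-22}"

# Accept only dotted-quad IPv4, so nothing else from a lookup reaches ufw.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Current A records for a name, one per line (getent uses the system resolver).
resolve_ipv4() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print the ufw commands that turn the old address list ($1) into the new one ($2).
plan_rules() {
  for ip in $1; do
    is_ipv4 "$ip" || continue
    printf '%s\n' "$2" | grep -qxF "$ip" ||
      echo "ufw delete allow proto tcp from $ip to any port $PORT"
  done
  for ip in $2; do
    is_ipv4 "$ip" || continue
    printf '%s\n' "$1" | grep -qxF "$ip" ||
      echo "ufw allow proto tcp from $ip to any port $PORT"
  done
  return 0
}

# Resolve, apply the difference, remember the new set. A failed or empty
# lookup leaves existing rules alone. Without APPLY=1 this is a dry run.
sync_host() {
  host=$1; state="$STATE_DIR/$host.ips"; old=""
  new=$(resolve_ipv4 "$host")
  [ -n "$new" ] || { echo "lookup failed for $host; rules unchanged" >&2; return 1; }
  if [ -f "$state" ]; then old=$(cat "$state"); fi
  plan_rules "$old" "$new" | while read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; else echo "would run: $cmd"; fi
  done || return 1
  if [ "${APPLY:-0}" = 1 ]; then mkdir -p "$STATE_DIR" && printf '%s\n' "$new" > "$state"; fi
}

# Run only when given a hostname, e.g. from root's crontab: APPLY=1 sh ufw-dns-sync.sh foo.bar.com
if [ "$#" -ge 1 ]; then sync_host "$1"; fi
```

Run without `APPLY=1`, it only prints the commands it would execute. The resulting allow list is only as trustworthy as the DNS answers the host receives.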