On 2022-05-04, Marcus MERIGHI <mcmer-open...@tor.at> wrote:
> Hello!
>
> I need to block http/s traffic, but only for some Host: header values.
> I.e. domain "xyz.abc" should be reachable, domain "klm.opq" not, both
> behind the same IP.
>
> This rules out blocking with PF.
>
> I looked at relayd(8)/relayd.conf(5) next.
> I found "from address[/prefix]" in the "FILTER RULES" section.
> But relayd.conf(5) does not seem to have a table option for this
> purpose, as pf.conf(5) does.
>
> So it would take one config line per IP or Network; with
>
> $ wc -l /etc/pf/geoallow
> 20649 /etc/pf/geoallow
>
> this would bloat my relayd.conf quite a bit :-)
>
> Have I missed something in relayd.conf(5)?
> Any other ideas to solve the task?
>
> Thanks in advance for any pointers!

Maybe redirect connections from the PF table to a different port, then handle the two ports differently in relayd?

-- 
Please keep replies on the mailing list.
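
The approach suggested in the reply, sketched as an added example that is not part of the original thread: PF keeps the large address table and only selects a port, while relayd applies the Host: filter on one of the two listeners. It assumes that sources in `<geoallow>` get unfiltered access and everyone else is denied "klm.opq"; the addresses, port 8080, and the relay, protocol and table names are constructed for illustration.

```conf
# --- /etc/pf.conf (fragment) ---
# The address list stays in a PF table; relayd never sees it.
table <geoallow> persist file "/etc/pf/geoallow"

# Table members are steered to the unfiltered relay on localhost.
pass in on egress inet proto tcp from <geoallow> to (egress) port 80 \
	rdr-to 127.0.0.1 port 8080
# Everyone else reaches the filtering relay on the public port.
pass in on egress inet proto tcp from ! <geoallow> to (egress) port 80

# --- /etc/relayd.conf (fragment) ---
ext_addr = "192.0.2.1"            # constructed public address
table <web> { 198.51.100.10 }     # constructed backend

# Protocol for sources outside the table: deny one Host: value,
# everything else falls through to relayd's default (pass).
http protocol "filtered" {
	return error
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	block request quick header "Host" value "klm.opq"
}

# Protocol for table members: no Host: restrictions.
http protocol "unfiltered" {
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
}

relay "filtered" {
	listen on $ext_addr port 80
	protocol "filtered"
	forward to <web> port 80
}

relay "unfiltered" {
	listen on 127.0.0.1 port 8080
	protocol "unfiltered"
	forward to <web> port 80
}
```

This covers plain HTTP only; for HTTPS, relayd can match the Host: header only on a listener where it terminates TLS itself.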