Daniel wrote:
Hi!
My ISP provides me with ADSL service with a daily changing IP. Still, I must
somehow control access to my PostgreSQL server, to only accept
connections from my computer. Is it possible to specify a hostname (my
hostname, which gets updated at every IP change) in pf.conf and somehow
tell pf not to try to translate it when loading the rule, but to
look up the hostname on every connection attempt?
Is this sane/possible?

It's not possible without executing pfctl repeatedly.
pf(4) operates at OSI Layers 3 and 4. Making a DNS query is a Layer 7
operation and handled by pfctl(8), which is the userland controller and
configuration parser for pf(4).
Instead of relying on IP addresses, you can use authpf(8), which won't
limit you to working just from home when you can authenticate via ssh from
anywhere.
Using authpf is a more convenient and secure approach. So use it.
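
An added configuration sketch of the authpf(8) approach recommended above (not part of the original thread). It assumes OpenBSD with the `egress` interface group, PostgreSQL on its default port 5432, and a user whose login shell is /usr/sbin/authpf:

```conf
# ---- /etc/pf.conf (fragment) ----
# Assumption: PostgreSQL listens on its default port, 5432.
pg_port = "5432"

# Nobody reaches PostgreSQL from outside by default.
block in on egress proto tcp to port $pg_port

# ssh must stay reachable so users can authenticate to authpf.
pass in on egress proto tcp to port ssh

# authpf loads per-user rules under this anchor at login and removes
# them when the ssh session ends. It comes after the block rule, so a
# pass rule inside the anchor is the last match and wins.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# Loaded once for every authenticated user. authpf defines $user_ip
# (source address of the ssh session) and $user_id (login name).
# Macros from pf.conf are not visible here, so the port is written out.
pass in quick on egress proto tcp from $user_ip to port 5432

# ---- /etc/authpf/authpf.conf ----
# This file must exist (it may be empty) or authpf refuses to run.
```

Because the rule is keyed to the address of the live ssh session, no DNS lookup or repeated pfctl run is needed when the ISP changes the client's IP; the client simply logs in again.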