pfSense - Blocking direct IP outbound traffic

I would like to deny outbound connections from my network unless the destination IP address has been obtained from a DNS query. The idea is to reduce possible connections to C2 servers from inside my network (where the connection to the C2 server is initiated directly to an IP address rather than first resolving a DNS name). Does anyone know if pfSense can be configured to do that ?

I’ve never heard of something like this. You would need a custom DNS server that reports the names that were resolved and passes the IPs to a firewall. And you’d need some mechanism to invalidate IPs after a certain time. Sounds like a lot of work.

e2guardian, but install is not as simple as official packages:

http://e2guardian.org/cms/index.php

In the Group options you can do this, I think it defaults when you run in walled garden mode like I’m running.

Hey Greg, thanks for posting this. I will give it a try. Regards John

The real time monitor is very useful when you are trying to let things through with exceptions. You can filter by the IP of the device you are using for testing, and extend the list to 200 lines. Probably mostly good for walled garden exceptions, but might be useful for other types of filtering.