I have certain connections that sometimes use SNI but other times don’t. When they don’t use SNI the connections get blocked. To get around this and make sure they are allowed every time, I have come up with a solution using the xbits keyword to allow any destination IP that presents an allowed SNI value for the next X seconds. I have two questions:

1. How many different destination IPs can xbits track at once? I am hoping to be able to track thousands of destination IPs at a time.

2. How long can xbits track destination IPs? I would like to set the expire value to possibly be as high as 24 hours.
Thank you in advance!
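For readers unfamiliar with the approach described above, here is an added illustration of the rule pair it implies; these are not the poster's rules, and the SNI value `example.com` and the bit name `sni_allowed_dst` are constructed placeholders.

```suricata
# Added illustration: remember the destination IP of any TLS flow whose
# ClientHello carries the approved SNI, and keep that memory for 24 hours
# (expire is in seconds; 86400 = 24h). The bit is tracked per destination IP.
pass tls any any -> any any (msg:"SNI approved, remember dst IP"; \
    tls.sni; content:"example.com"; nocase; \
    xbits:set,sni_allowed_dst,track ip_dst,expire 86400; \
    noalert; sid:1000001; rev:1;)

# Later flows to the same destination IP, including ones with no SNI at all,
# are passed while the bit is still set. Order matters if drop rules exist:
# pass rules are evaluated before drop rules in Suricata's default ordering.
pass tls any any -> any any (msg:"dst IP recently seen with approved SNI"; \
    xbits:isset,sni_allowed_dst,track ip_dst; \
    noalert; sid:1000002; rev:1;)
```

Note that the second rule allows every TLS flow to the remembered IP for the expire window, not only the no-SNI ones, so the approved-SNI list is what bounds the allowance; keep it tight and log (drop `noalert`) if you want an audit trail of which IPs were admitted this way.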