I'm running Home Assistant in my home network and in order for Google Home to interact with it, the system must be accessible from the outside.
I don't want the open port to appear on any scan against my external IP, therefore I wanted to restrict the NAT rule from "Source : any" to an alias containing only the subnets that Google uses to contact my network.
I soon realised that there are way too many of them to enter them manually. Every time I trigger it I see a different subnet popping up in the logs. The logical (and correct) thing to do would be to look up the source IP and see if it resolves to anything that ends with "google.com" but I can't find a way to do it inside pfSense.
Any other idea is welcome.
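
The reverse-lookup check described in the post, as an added example that is not part of the original post and is not a pfSense feature: it confirms the PTR name with a forward lookup and matches the suffix on a label boundary. The function names, hostnames and sample records are assumptions constructed for illustration.

```python
import ipaddress
import socket

ALLOWED_SUFFIXES = ("google.com",)  # the suffix named in the post

def ptr_names(ip):
    """Reverse (PTR) lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def addresses(host):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def in_allowed_domain(host, suffixes=ALLOWED_SUFFIXES):
    """Match on a label boundary so 'evilgoogle.com' is rejected."""
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def is_verified(ip, reverse=ptr_names, forward=addresses):
    """Forward-confirmed reverse DNS: the PTR name must be in an allowed
    domain AND resolve back to the same address. A PTR record on its own is
    set by whoever controls the address block, so it is not proof."""
    want = ipaddress.ip_address(ip)
    for host in reverse(ip):
        host = host.rstrip(".").lower()
        if not in_allowed_domain(host):
            continue
        if any(ipaddress.ip_address(a) == want for a in forward(host)):
            return True
    return False

# Constructed sample records (documentation address ranges, made-up hostnames).
SAMPLE_PTR = {
    "192.0.2.10": ["edge-10.google.com."],   # PTR and A record agree
    "198.51.100.7": ["edge-10.google.com"],  # PTR claims the name, A record disagrees
    "203.0.113.5": ["host.evilgoogle.com"],  # suffix look-alike
}
SAMPLE_A = {"edge-10.google.com": {"192.0.2.10"},
            "host.evilgoogle.com": {"203.0.113.5"}}

def check_samples():
    """Run the check against the constructed records; no network needed."""
    rev = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda host: SAMPLE_A.get(host, set())
    return {ip: is_verified(ip, rev, fwd) for ip in [*SAMPLE_PTR, "192.0.2.99"]}
```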