Creating firewall rules to affect only some domains in internet

I have earlier asked some doubts regarding firewall rule creation
Link to the post
Now, I wanted to know if outbound firewall rules can be created to access only certain domains?
For example, I wanted to create a firewall rule to open port 80. But we can’t open port 80 to all users. So, can I open port 80 only to access submit.bitdefender.com?
Like that, inbound rules only from certain domains?

-Josin

Not possible. The firewall talks to IP addresses; it doesn’t know any FQDNs or hostnames.

You can try to dig for submit.bitdefender.com to see how many IP addresses it corresponds to; you can also ask BitDefender whether they can tell you the IP addresses of this service. You can add these IPs as hosts, and the hosts as a group. Then create a rule for the host or group.

Hi,

this is not possible indeed: Many domains point to Content Delivery Networks (CDNs) such as Cloudflare or Akamai, so some IP addresses might handle traffic for several thousand domains. Even if there is a 1:1 correlation between a domain and an IP address, a firewall would have to do deep-packet inspection in order to find out which FQDN is being queried.

Please consider running a Web Proxy instead, where FQDN processing is a common task.

Thanks, and best regards,
Peter Müller

1 Like
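The following is an added example, not code from either reply: it turns the output of `dig +noall +answer` into the address set a host group would pin, reports the CNAME chain and lowest TTL (the two signs that the pinned addresses are shared or short-lived), and diffs a fresh lookup against what the rule currently allows. The function names and the sample records (documentation address ranges, a made-up CDN name) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `dig +noall +answer` output: documentation address
# ranges and a made-up CDN name, not a real lookup.
SAMPLE = """\
submit.example.com.      300 IN CNAME submit.cdn.example.net.
submit.cdn.example.net.  60  IN A     192.0.2.10
submit.cdn.example.net.  60  IN A     192.0.2.11
submit.cdn.example.net.  60  IN AAAA  2001:db8::10
"""

def parse_answer(text):
    """Parse answer-section lines into (owner, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue  # skip comments, blanks and anything not a class-IN record
        records.append((fields[0].lower().rstrip("."), int(fields[1]),
                        fields[3].upper(), fields[4]))
    return records

def resolve_plan(fqdn, text):
    """Follow CNAMEs from fqdn and collect what an IP-based rule would pin."""
    records = parse_answer(text)
    name, chain, seen = fqdn.lower().rstrip("."), [], set()
    while name not in seen:  # the seen set stops CNAME loops
        seen.add(name)
        target = next((r[3] for r in records
                       if r[0] == name and r[2] == "CNAME"), None)
        if target is None:
            break
        name = target.lower().rstrip(".")
        chain.append(name)
    addrs = {ipaddress.ip_address(r[3]) for r in records
             if r[0] == name and r[2] in ("A", "AAAA")}
    ttls = [r[1] for r in records if r[0] in seen]
    return {
        "addresses": [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))],
        "cname_chain": chain,  # non-empty: the name is an alias, often into shared hosting
        "min_ttl": min(ttls) if ttls else None,  # seconds until the answer may change
    }

def drift(pinned, current):
    """Return (to_add, to_remove) between pinned rule addresses and a fresh lookup."""
    old = {ipaddress.ip_address(a) for a in pinned}
    new = {ipaddress.ip_address(a) for a in current}
    return sorted(map(str, new - old)), sorted(map(str, old - new))
```

A non-empty `cname_chain` together with a low `min_ttl` means the host group needs regular re-resolution, and that allowing those addresses also allows whatever else is served from them.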