Feature Request: DNS based firewall hosts/groups

Hello everyone,

I’d love to be able to create firewall hosts (Firewall / Firewall Groups / Hosts) based on DNS names rather than only IP/MAC.

This would especially be useful for DynDNS hosts and to make firewall rules more robust against changes in the networking infrastructure in general (Usually DNS names stay the same, even if the H/W or network structure underneath changes)

It would also allow to add firewall hosts for public services on the internet like Youtube for example.

Any chance we see this in a future release?

Greetings from Vienna!


I guess that’s still a no?

Hello to Vienna.

Yes, this is still a no. Simply because firewalls do not work like that and it is very very dangerous.

You do not want to do this.

If you have a dynamic host on the other end, please configure a VPN and then you won’t have to worry about this any more. The DNS rule will basically do the same: Open things for the whole Internet and you won’t have any improved security. You want that VPN.