Packet filter: allow wildcard subdomains
Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.
I would like to allow/deny connections, using the packet filter, based on a wildcard subdomain (think *.example.com).
I think this will be hard to implement, because the DNS resolution is done on the client side and the packet filter module of the UTM will only see IP addresses, not DNS names. Because zone transfers won't be allowed by the destination domains, we will not be able to prefetch all possible subdomains; in the case of shared servers / content switching, the reverse entry need not match the original forward entry.
The only way to achieve this would be to enforce usage of the DNS proxy of the UTM and to cache all addresses for domains matching *.example.tld...
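As an added illustration (not code from this thread or from Sophos), here is how the DNS-proxy caching approach described above could work in principle: names in answers passing through the proxy are matched against the wildcard label-wise, the resolved addresses are cached for their TTL, and the packet filter then decides on destination IPs alone. The DNS answers and clock below are constructed; the proxy hook (`observe`) is hypothetical.

```python
import time


def matches_wildcard(name: str, pattern: str) -> bool:
    """Match a DNS name against a '*.example.com' pattern on label boundaries.

    '*.example.com' matches 'cdn.example.com' and 'a.b.example.com', but not
    'notexample.com' (substring trap) and not the bare apex 'example.com'.
    """
    name = name.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return name == pattern
    suffix = pattern[1:]  # ".example.com"
    return name.endswith(suffix) and len(name) > len(suffix)


class WildcardIpCache:
    """IP allow-set learned from forward DNS answers seen by a (hypothetical) DNS proxy.

    Only forward answers are trusted: a reverse (PTR) lookup of a shared or
    content-switched address may return an unrelated name, so it is not used.
    """

    def __init__(self, patterns, now=time.monotonic):
        self.patterns = list(patterns)
        self.now = now           # injectable clock, so TTL expiry can be tested
        self.entries = {}        # ip -> (expiry_time, matched_name)

    def observe(self, name: str, ip: str, ttl: int) -> bool:
        """Called for every A/AAAA answer the proxy relays; caches matching IPs."""
        if any(matches_wildcard(name, p) for p in self.patterns):
            self.entries[ip] = (self.now() + ttl, name)
            return True
        return False

    def decision(self, dst_ip: str) -> str:
        """Packet-filter verdict for a destination IP: ALLOW while a matching answer is fresh."""
        entry = self.entries.get(dst_ip)
        if entry and entry[0] > self.now():
            return "ALLOW"
        self.entries.pop(dst_ip, None)  # expired or never learned
        return "DENY"


if __name__ == "__main__":
    cache = WildcardIpCache(["*.example.com"])
    # Constructed answers: one in-scope subdomain, one unrelated name.
    cache.observe("cdn.example.com", "198.51.100.7", ttl=60)
    cache.observe("notexample.com", "203.0.113.9", ttl=60)
    print(cache.decision("198.51.100.7"), cache.decision("203.0.113.9"))
```

A connection to an address the client never resolved through the proxy is denied, which is exactly why the proxy must be enforced for all clients.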
Paul Perkin commented
Upvote on this feature request instead: https://ideas.sophos.com/forums/17359-sg-utm/suggestions/1547589-networking-wildcard-hostnames-for-dns-group-defin