DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

FEATURE REQUEST - DNS name based firewall rules.

02 Apr 2025 20:07 #104798 by m_d
Not sure how to submit feature requests, so thought to put it here. Hopefully DrayTek do read this.

The firewall needs the ability to filter based on DNS names.

For example, if, instead of an IP address, I put 'google.com' in the Destination field of a firewall rule, the firewall will run a DNS lookup for 'google.com', and apply the filter rule if the Dest IP matches the IP(s) returned by the DNS query. 

This would be particularly to solve the following problem I have:
- A remote site needs the ability to dial-in a VPN to my Vigor 2865 at 'HQ'.
- I like to implement a firewall policy of 'Block all but what is explicitly required'.
- Therefore, to enable the VPN connection to be established, I need to create a rule as thus:
  • Direction: WAN -> Localhost
  • Source: IP of Remote Site
  • Service Type: IPsec VPN (Service Type Group)
- However, the remote site has a dynamic IP. Thus, each time it changes, I have to update my f/w rule, which is not very convenient.
- If the firewall could handle DNS names, I could simply set up a Dynamic DNS name for the remote site, which will update as the IP changes, and use this in my firewall rule.

It seems that this method can be used with WAN Management ACLs, as per here: https://www.draytek.com/support/knowledge-base/11370, but I have not seen any mention of this being used with firewall rules.

Hope that makes sense, would be very glad if this could be implemented in an upcoming firmware update!
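
The matching behaviour requested in the post above, sketched as an added example that is not part of the original post and is not DrayTek firmware code: a rule keyed on a DNS name that re-resolves periodically, keeps the last good answer through a short lookup outage, and matches nothing once that answer is too old. `HostnameRule`, `system_resolver`, the `refresh` and `max_stale` values and the hostname `remote-site.example` are all hypothetical, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress
import socket
import time


def system_resolver(name):
    """Resolve name to a set of IP address strings using the OS resolver."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


class HostnameRule:
    """Allow rule whose source is a DNS name instead of a fixed IP (hypothetical)."""

    def __init__(self, hostname, resolver=system_resolver, refresh=60,
                 max_stale=3600, clock=time.monotonic):
        self.hostname = hostname
        self.resolver = resolver
        self.refresh = refresh        # seconds between lookups
        self.max_stale = max_stale    # how long old answers survive failed lookups
        self.clock = clock
        self.addresses = set()        # empty set means no source matches
        self.last_try = self.last_ok = None

    def _update(self):
        now = self.clock()
        if self.last_try is not None and now - self.last_try < self.refresh:
            return                    # answer is still fresh enough, skip the lookup
        self.last_try = now
        try:
            answers = {ipaddress.ip_address(a) for a in self.resolver(self.hostname)}
        except (OSError, ValueError):
            answers = set()           # lookup failed or returned an unparsable value
        if answers:
            self.addresses, self.last_ok = answers, now
        elif self.last_ok is None or now - self.last_ok > self.max_stale:
            self.addresses = set()    # fail closed: stop matching the stale IP

    def allows(self, source_ip):
        self._update()
        return ipaddress.ip_address(source_ip) in self.addresses


if __name__ == "__main__":
    # Constructed sample: a stub resolver stands in for the site's Dynamic DNS record.
    rule = HostnameRule("remote-site.example", resolver=lambda name: {"203.0.113.10"})
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, "allow" if rule.allows(src) else "block")
```

A rule like this is only as trustworthy as the DNS answer behind it, and between refreshes it still admits the previous address, so the refresh interval bounds how long a reassigned IP stays allowed.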
 
