Not sure how to submit feature requests, so thought to put it here. Hopefully Draytek do read this.
The firewall needs the ability to filter based on DNS names.
For example, if, instead of an IP address, I put 'google.com' in the Destination field of a firewall rule, the firewall will run a DNS lookup for 'google.com', and apply the filter rule if the Dest IP matches the IP(s) returned by the DNS query.
This would be particularly useful for solving the following problem I have:
- A remote site needs the ability to dial-in a VPN to my Vigor 2865 at 'HQ'.
- I like to implement a firewall policy of 'Block all but what is explicitly required'.
- Therefore, to enable the VPN connection to be established, I need to create a rule as thus:
  - Direction: WAN -> Localhost
  - Source: IP of Remote Site
  - Service Type: IPsec VPN (Service Type Group)
- However, the remote site has a dynamic IP. Thus, each time it changes, I have to update my f/w rule, which is not very convenient.
- If the firewall could handle DNS names, I could simply set up a Dynamic DNS name for the remote site, which will update as the IP changes, and use this in my firewall rule.
It seems that this method can be used with WAN Management ACLs, as per here: https://www.draytek.com/support/knowledge-base/11370, but I have not seen any mention of this being used with firewall rules.
Hope that makes sense, would be very glad if this could be implemented in an upcoming firmware update!
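
The lookup-and-match behaviour requested in the post, as an added example (not part of the original post and not DrayTek firmware code): a rule whose Source is a DNS name, re-resolved on an interval and failing closed when the lookup fails. The class name, the 300-second refresh interval, the hostname `remote-site.example.net` and the documentation-range IPs are all assumptions made for illustration.

```python
import ipaddress
import socket
import time


def system_resolver(name):
    """Resolve a name to its A/AAAA addresses using the OS resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


class FqdnSourceRule:
    """Allow rule whose Source is a DNS name, re-resolved every `refresh` seconds."""

    def __init__(self, fqdn, resolver=system_resolver, refresh=300, clock=time.monotonic):
        self.fqdn, self.resolver = fqdn, resolver
        self.refresh, self.clock = refresh, clock
        self.addrs, self.fetched = frozenset(), None

    def _update(self):
        now = self.clock()
        if self.fetched is not None and now - self.fetched < self.refresh:
            return  # cached answer is still fresh
        try:
            self.addrs = frozenset(ipaddress.ip_address(a) for a in self.resolver(self.fqdn))
        except (OSError, ValueError):
            # Fail closed: under a block-all policy an unresolvable name matches nothing.
            self.addrs = frozenset()
        self.fetched = now

    def allows(self, src_ip):
        self._update()
        return ipaddress.ip_address(src_ip) in self.addrs


def demo():
    # Constructed sample data: a DDNS record that changes (documentation IP ranges).
    record = {"remote-site.example.net": ["198.51.100.7"]}
    now = [0.0]
    rule = FqdnSourceRule("remote-site.example.net",
                          resolver=lambda n: record[n], clock=lambda: now[0])
    results = [rule.allows("198.51.100.7")]               # current IP: allowed
    record["remote-site.example.net"] = ["203.0.113.9"]   # remote site's IP changes
    results.append(rule.allows("203.0.113.9"))            # cache still holds old IP: blocked
    now[0] = 301.0                                        # refresh interval elapses
    results.append(rule.allows("203.0.113.9"))            # re-resolved: allowed
    results.append(rule.allows("198.51.100.7"))           # old IP no longer matches
    return results


if __name__ == "__main__":
    print(demo())
```

The second result shows the trade-off in any such rule: between an IP change and the next re-resolution the new address is blocked and the old one is still allowed, so the refresh interval bounds both the outage and the window in which a reassigned address would match.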