I've noticed you can add a domain in the address field in IP firewall but when you save it routerOS resolves the IP and works on all traffic relating to that IP address instead of a domain. I ask this because i want to be able to implement filters such as blocking any traffic from known malware sites but these sites could be hosted on legitimate providers such as amazon which may use the same ip address as legitimate sites.

This may also help with routing some traffic between own sites for example if i wanted the default homepage on my network or hotspot to be my website that is hosted on a public web server somewhere else

the problem with that is that the filter is an IP filter. not a domain filter.

I think what you should be doing is setting a static DNS entry for the domain names you want filtered, pointing them to 127.0.0.1.

You can use Layer 7 protocol rules to catch domains. vut be careful as it needs lots of resources.

I dont want to use L7 because of the resource usage. I would prefer to intercept the requests but not through L7.

Sometimes IP addresses can change so it can invalidate firewall rules based on IP.