Filter by hostname with wildcard

jandafields · May 30, 2012, 7:42pm

This would be an EXCELLENT feature:

Allow firewall filter rule to block (or allow or whatever) by hostname with regex.

For example:

dst-add=.*.mydomain.com

(That is the regex for *.mydomain.com)

This would lookup and match anything from *.mydomain.com regardless of the IP address. Some hostnames have MANY ip addresses, and those IP addresses change often.

Cisco can do this, as well as some other firewalls.

On another note… if anyone knows how to do something like this already with Mikrotik, through a script or whatever, please share!!!

brotherdust · May 30, 2012, 7:47pm

Depending on the protocol, you may be able to use a regex in the L7 filter. Just a thought. =/

jandafields · May 30, 2012, 7:57pm

I was just thinking about that. Do you know if hostnames are in plaintext in SSL traffic so that L7 would work with SSL?