sirius 0 Posted June 23, 2016

Hi

Nowadays most larger enterprises use load-balancing, high-availability and other technologies to keep their service available, which means that one FQDN can have multiple IP addresses. Today ESET Smart Security Firewall operates on a per-IP basis. Blocking many IPs (more than 2-3 for example) with the same name is quite annoying. Please implement this change to the firewall. If there's a correct place to suggest features, point me there.

Thanks
Administrators Marcos 5,273 Posted June 23, 2016

That's tricky if not impossible. Firewall inspects packets where only information about IP addresses is available. In order to make possible what you suggest, ekrn would have to resolve hostnames to IP addresses on startup. If IP addresses were changed in the meantime, rules with hostnames would become invalid until the next computer restart.
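Added example (not part of any post in this thread, and not ESET code): a Python model of the behaviour described in the post above, where a rule written against a hostname is resolved to IP addresses once and goes stale when the DNS answers change. The class `HostnameRule`, the name `lb.example.test` and all addresses are constructed for illustration; the DNS answers are injected so the example runs offline.

```python
import socket
from typing import Callable, Iterable, Set, Tuple


def system_resolver(fqdn: str) -> Set[str]:
    """Resolve with the OS resolver; returns every A/AAAA address."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


class HostnameRule:
    """Hypothetical rule written against a name but enforced against IPs."""

    def __init__(self, fqdn: str, action: str,
                 resolver: Callable[[str], Iterable[str]] = system_resolver):
        self.fqdn, self.action, self.resolver = fqdn, action, resolver
        self.addresses: Set[str] = set()

    def refresh(self) -> Tuple[Set[str], Set[str]]:
        """Re-resolve the name; return (added, removed) addresses."""
        try:
            current = set(self.resolver(self.fqdn))
        except OSError:
            return set(), set()   # lookup failed: keep the last known set
        added, removed = current - self.addresses, self.addresses - current
        self.addresses = current
        return added, removed

    def matches(self, dst_ip: str) -> bool:
        """A packet carries only an IP, so that is all we can compare."""
        return dst_ip in self.addresses


def demo():
    # Constructed DNS answers (documentation address ranges), before and
    # after a load balancer rotates its pool.
    answers = {"lb.example.test": ["192.0.2.10", "192.0.2.11", "198.51.100.7"]}
    rule = HostnameRule("lb.example.test", "block", lambda n: answers[n])
    rule.refresh()                                   # resolution "on startup"
    at_start = rule.matches("198.51.100.7")
    answers["lb.example.test"] = ["192.0.2.10", "203.0.113.5"]
    stale_miss = rule.matches("203.0.113.5")         # new IP slips past the rule
    stale_hit = rule.matches("198.51.100.7")         # retired IP still blocked
    added, removed = rule.refresh()                  # periodic re-resolution
    return at_start, stale_miss, stale_hit, added, removed, rule.matches("203.0.113.5")


if __name__ == "__main__":
    print(demo())
```

Between the DNS change and the next `refresh()`, the rule both misses the new address and keeps blocking an address the name no longer uses, which is the window the post describes as lasting until the next restart.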
itman 1,748 Posted June 25, 2016

> Blocking many IPs (more than 2-3 for example) with the same name is quite annoying. Please implement this change to firewall.

If the issue is blocking by domain name, you can do that using the web filtering feature. Just enable the block list and add the domain you want to block to it.
bbahes 29 Posted December 13, 2016

> That's tricky if not impossible. Firewall inspects packets where only information about IP addresses is available. In order to make possible what you suggest, ekrn would have to resolve hostnames to IP addresses on startup. If IP addresses were changed in the meantime, rules with hostnames would become invalid until the next computer restart.

Any plans to give us the option to use FQDN in firewall rules?
Administrators Marcos 5,273 Posted December 13, 2016

Which firewall has such functionality? Packets contain IP addresses, not domain names.
bbahes 29 Posted December 13, 2016 (edited)

> Which firewall has such functionality? Packets contain IP addresses, not domain names.

To be honest, I don't know any. So far I was able to create firewall rules based on FQDN only on hardware firewalls. The problem I have is that I need to prevent users from accessing any IP/port except for Microsoft Windows Update servers, and there only 80/443. But finding IP addresses for them is nearly impossible... so at v5 I'm left with the option to enter an IP, IP range or subnet (it would be nice if you gave an IP list option). On v6 you gave the option to control access on the firewall for services, so I plan to use that once we migrate to v6 and allow the Windows Update service.

Edited December 13, 2016 by bbahes