Are there any firewalls out there that base hostname rules on IP's.
For example allowing Facebook.com, allows the IP's for FB rather than the Layer 7 address? No doubt there is a better way to explain this.
My goal would be to make a small allow list such as Facebook.com,YouTube.com,Reddit.com. Then no matter where the DNS resolves to, only those sites will load. Default Deny, no blacklists, no blocking bad ip's. (yes i'm aware this is a management nightmare for your corporate firewalls)
No comments:
Post a Comment