Page MenuHomeVyOS Platform

Wildcard Domains / TLDs in Firewall-Rules (and perhaps groups)
Open, WishlistPublicFEATURE REQUEST


It would be very helpful to be able to use whole Domains / TLDs (Wildcards).
A specific use-case would be, to block the new .ZIP- and .MOV-Domains for example.

For example:

set firewall name LAN-WAN rule 10 destination fqdn '*.zip'
set firewall name LAN-WAN rule 10 action drop

Example in groups:

set firewall group domain-group Malicious-Domains address '*.zip'


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

This would have to be handled with DNS and not in the firewall. Hostnames work on firewall because they are resolved prior to use in rules.

dmbaturin triaged this task as Wishlist priority.Jan 11 2024, 11:29 AM
dmbaturin added a project: VyOS 1.5 Circinus.