Feature #10166
Status: closed (100% done)
Add DNS-over-TLS as option to source/destination port range when creating a firewall rule
Description
With the recent attention around DNS-over-TLS and DNS-over-HTTPS, would it be possible to add these two entries as pre-populated items in the firewall source/destination port ranges?
For example, right now, it only shows
DNS (53).
DNS-over-TLS (DoT) uses 853/tcp.
https://tools.ietf.org/html/rfc7858
DNS-over-HTTPS (DoH) uses 443/tcp.
https://tools.ietf.org/html/rfc8484
Updated by Jim Pingle almost 5 years ago
DNS over TLS may be OK, but adding DoH would give the false impression that it would match only DoH traffic. Plus there is already a choice for 443 (HTTPS). When the page loads with a port value of 443 it would jump to whichever entry was first in the list, not what the user selected.
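The reload problem described in this comment, modelled as an added example (not pfSense code; the entry list is a constructed subset of a well-known-ports dropdown, and the function names are assumed): the form re-selects the first entry whose port matches the saved value, so a second entry on 443 (DoH) can never round-trip, while 853 (DoT) is unambiguous.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PortEntry:
    label: str
    port: int
    proto: str


# Constructed subset of a well-known-ports dropdown, not pfSense's real list.
BASE_ENTRIES = [
    PortEntry("DNS", 53, "tcp/udp"),
    PortEntry("HTTPS", 443, "tcp"),
    PortEntry("DNS over TLS (DoT)", 853, "tcp"),
]

# The proposed addition from the ticket: DoH shares port 443 with HTTPS.
WITH_DOH = BASE_ENTRIES + [PortEntry("DNS over HTTPS (DoH)", 443, "tcp")]


def select_entry(entries, port):
    """Mimic the behaviour the comment describes: when a saved rule loads,
    the dropdown jumps to the first entry whose port equals the stored value,
    regardless of which label the user originally chose."""
    for entry in entries:
        if entry.port == port:
            return entry
    return None


def find_collisions(entries):
    """Return {port: [labels, ...]} for every port used by more than one entry.
    Any collision means one of those labels is unreachable after a reload."""
    by_port = {}
    for entry in entries:
        by_port.setdefault(entry.port, []).append(entry.label)
    return {p: labels for p, labels in by_port.items() if len(labels) > 1}


def round_trips(entries):
    """True only if every entry is what the form would re-select for its own
    port, i.e. the dropdown list is free of the 443-style ambiguity."""
    return all(select_entry(entries, e.port) == e for e in entries)
```

Running `find_collisions` over a candidate list is the check a maintainer would want before adding any new alias; a port-based rule on 443 also matches all HTTPS, which is the "false impression" the comment refers to.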
Updated by Logan Marchione almost 5 years ago
Jim Pingle wrote:
DNS over TLS may be OK, but adding DoH would give the false impression that it would match only DoH traffic. Plus there is already a choice for 443 (HTTPS). When the page loads with a port value of 443 it would jump to whichever entry was first in the list, not what the user selected.
Ah, derp, good point with 443. That makes sense.
Updated by Jim Pingle almost 5 years ago
- Category changed from Web Interface to Rules / NAT
- Status changed from New to In Progress
- Assignee set to Jim Pingle
Updated by Jim Pingle almost 5 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset d2c6e89c40b1bff2deb1f0a8847a5199b317ba0f.
Updated by Viktor Gurov almost 5 years ago
- Status changed from Feedback to Resolved
Jim Pingle wrote:
Applied in changeset d2c6e89c40b1bff2deb1f0a8847a5199b317ba0f.
tested on 2.4.5.a.20200107.1903