Feature #10166

closed

Add DNS-over-TLS as option to source/destination port range when creating a firewall rule

Added by Logan Marchione almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Priority: Low
Assignee:
Category: Rules / NAT
Target version:
Start date: 01/06/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:

Description

With the recent attention around DNS-over-TLS and DNS-over-HTTPS, would it be possible to add these two entries as pre-populated items in the firewall source/destination ranges?

For example, right now, it only shows DNS (53).

DNS-over-TLS (DoT) uses 853/tcp.
https://tools.ietf.org/html/rfc7858

DNS-over-HTTPS (DoH) uses 443/tcp.
https://tools.ietf.org/html/rfc8484

Actions #1

Updated by Jim Pingle almost 2 years ago

DNS over TLS may be OK, but adding DoH would give the false impression that it would match only DoH traffic. Plus there is already a choice for 443 (HTTPS). When the page loads with a port value of 443 it would jump to whichever entry was first in the list, not what the user selected.

Actions #2

Updated by Logan Marchione almost 2 years ago

Jim Pingle wrote:

DNS over TLS may be OK, but adding DoH would give the false impression that it would match only DoH traffic. Plus there is already a choice for 443 (HTTPS). When the page loads with a port value of 443 it would jump to whichever entry was first in the list, not what the user selected.

Ah, derp, good point with 443. That makes sense.

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Category changed from Web Interface to Rules / NAT
  • Status changed from New to In Progress
  • Assignee set to Jim Pingle

Actions #4

Updated by Jim Pingle almost 2 years ago

  • Target version set to 2.4.5

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Actions #6

Updated by Viktor Gurov almost 2 years ago

  • Status changed from Feedback to Resolved

Jim Pingle wrote:

Applied in changeset d2c6e89c40b1bff2deb1f0a8847a5199b317ba0f.

Tested on 2.4.5.a.20200107.1903