
please allow to filter based on reverse dns

Open davidsmith91 opened this issue 2 months ago • 3 comments

Sometimes the domain doesn't appear in the popup main address.

I want to be able to allow or block certain reverse DNS.

davidsmith91 avatar Oct 19 '25 09:10 davidsmith91

Not the developer, but I will comment generally that firewalls don't typically work by DNS hostname. Doing a reverse DNS query on every connection would be very slow and "expensive". Even DNS-based blocklists usually translate names to IPs and create the actual rules based on the IPs (which can be dynamic or anycast/CDN-based, which is why name-based blocklists are not 100% effective).

luckman212 avatar Oct 28 '25 16:10 luckman212

> Not the developer, but I will comment generally that firewalls don't typically work by DNS hostname. Doing a reverse DNS query on every connection would be very slow and "expensive". Even DNS-based blocklists usually translate names to IPs and create the actual rules based on the IPs (which can be dynamic or anycast/CDN-based, which is why name-based blocklists are not 100% effective).

No problem. Just have a cache of hostnames to IP.

davidsmith91 avatar Nov 18 '25 22:11 davidsmith91

LuLu is a NEFilterDataProvider, meaning it only sees new connections ('flows', that are NEFilterFlow objects). And yes, sometimes the flow (delivered to LuLu by macOS) does not have a domain.

Also as a NEFilterDataProvider LuLu does not see full packets, and as such cannot parse them, for example to extract DNS responses (that would map an IP address to a host name).

Yes, this could be done via integrating a DNS Monitor (see: https://github.com/objective-see/DNSMonitor) ...but that's a ton of extra code/logic/parsing.

Also reverse DNS can fail when the IP’s PTR record isn’t properly set or delegated.

So, AFAIK there is no easy way to get the domain 🤷‍♂️

objective-see avatar Nov 19 '25 00:11 objective-see
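
The cached reverse lookup discussed in this thread, as an added example that is not part of the thread or of LuLu's code: it caches PTR results (failures included) and accepts a name only when it resolves back to the same IP, since a PTR record is controlled by whoever owns the address block. `ReverseDnsCache`, `verdict` and the sample records are hypothetical names and constructed data.

```python
import socket
import time

# Constructed sample records (documentation address ranges) standing in for DNS.
SAMPLE_PTR = {"192.0.2.10": "cdn.tracker.example.", "198.51.100.7": "mail.good.example."}
SAMPLE_FWD = {"cdn.tracker.example": {"192.0.2.10"}, "mail.good.example": {"203.0.113.9"}}

def system_ptr(ip):
    return socket.gethostbyaddr(ip)[0]  # raises OSError when there is no PTR

def system_fwd(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

class ReverseDnsCache:
    """Hypothetical helper: PTR lookups with a TTL cache and forward confirmation."""

    def __init__(self, ptr_lookup=system_ptr, fwd_lookup=system_fwd, ttl=300,
                 clock=time.monotonic):
        self.ptr_lookup, self.fwd_lookup = ptr_lookup, fwd_lookup
        self.ttl, self.clock = ttl, clock
        self.cache = {}    # ip -> (expiry, confirmed hostname or None)
        self.lookups = 0   # resolver round trips actually made

    def hostname(self, ip):
        hit = self.cache.get(ip)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.lookups += 1
        try:
            name = self.ptr_lookup(ip).rstrip(".").lower()
            # The PTR record is set by whoever controls the address block, so
            # trust it only if the name resolves back to the same address.
            if ip not in self.fwd_lookup(name):
                name = None
        except (OSError, KeyError):  # KeyError covers the dict-backed sample lookups
            name = None    # PTR missing or not delegated, or name does not resolve
        # Cache failures too, so a nameless IP is not re-queried on every flow.
        self.cache[ip] = (self.clock() + self.ttl, name)
        return name

def verdict(cache, ip, blocked_suffixes):
    """Return 'block', 'allow', or 'no-name' when no confirmed hostname exists."""
    name = cache.hostname(ip)
    if name is None:
        return "no-name"
    if any(name == s or name.endswith("." + s) for s in blocked_suffixes):
        return "block"
    return "allow"
```

The `no-name` result is the case a rule engine still has to decide by IP, because the hostname rule has nothing to match against.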