Currently, the firewall operates only on an "allow/deny" basis for the whole packet, as long as its answers include a name from the whitelist.
The current situation creates unnecessary traffic in the target network, causes extraneous data to be transmitted over the tunnel, and potentially exposes sensitive data to the whole target network.
A smarter firewall would solve this by re-creating the packet with irrelevant answers and questions cut out. Only the whitelisted names would be passed over the tunnel.
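The difference between the two behaviours, as an added sketch that is not the project's own code. The packet model (a dict with `questions` and `answers` lists of records carrying a `name`), the case-insensitive name comparison, and all function names and sample records are assumptions made for illustration.

```python
# Added illustration. The packet layout and the sample names below are
# constructed assumptions, not the project's wire format or data.

def norm(name):
    # Assumption: names compare case-insensitively, ignoring a trailing dot.
    return name.rstrip(".").lower()

def allow_whole_packet(packet, whitelist):
    """Current behaviour: forward the packet unchanged if any answer is whitelisted."""
    allowed = {norm(n) for n in whitelist}
    if any(norm(a["name"]) in allowed for a in packet["answers"]):
        return packet
    return None

def rebuild_packet(packet, whitelist):
    """Proposed behaviour: forward a copy holding only whitelisted records."""
    allowed = {norm(n) for n in whitelist}
    questions = [q for q in packet["questions"] if norm(q["name"]) in allowed]
    answers = [a for a in packet["answers"] if norm(a["name"]) in allowed]
    if not questions and not answers:
        return None  # nothing relevant left, so nothing crosses the tunnel
    return {**packet, "questions": questions, "answers": answers}

def leaked_names(forwarded, whitelist):
    """Names that crossed the tunnel although they are not whitelisted."""
    if forwarded is None:
        return []
    allowed = {norm(n) for n in whitelist}
    records = forwarded["questions"] + forwarded["answers"]
    return sorted({norm(r["name"]) for r in records} - allowed)

# Constructed sample: one whitelisted record bundled with an unrelated one.
WHITELIST = ["printer.example"]
SAMPLE = {
    "id": 0,
    "questions": [{"name": "printer.example."}, {"name": "hr-laptop.example."}],
    "answers": [
        {"name": "Printer.example.", "data": "192.0.2.10"},
        {"name": "hr-laptop.example.", "data": "192.0.2.77"},
    ],
}

if __name__ == "__main__":
    print("whole packet leaks:", leaked_names(allow_whole_packet(SAMPLE, WHITELIST), WHITELIST))
    print("rebuilt packet leaks:", leaked_names(rebuild_packet(SAMPLE, WHITELIST), WHITELIST))
```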