My proposition.
- build a database of ip -> hostname mappings with all A records for each domain
- when filtering, look up an exact match, and if there is no match, look up hostnames only (this is optional, but I think it'd be good to keep it this way because we can see in the execution log why the flow got filtered out)
- the execution log is meant to be insightful about the script's operation, so that we can analyse whether it performs as we wish
Dependencies:
pip3 install dnspython
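
A sketch of the lookup proposed above, added here as an example and not code from this project. It assumes each flow carries a `dst_ip` and an optional `hostname`, and that "exact match" means the (ip, hostname) pair is in the map; all function and field names and the sample data are hypothetical.

```python
import logging
from collections import defaultdict

log = logging.getLogger("flowfilter")  # hypothetical logger name

def resolve_a(domain):
    """All A-record addresses for a domain via dnspython (needs network)."""
    import dns.exception
    import dns.resolver
    try:
        return [rr.address for rr in dns.resolver.resolve(domain, "A")]
    except dns.exception.DNSException as exc:
        log.warning("A lookup failed for %s: %s", domain, exc)
        return []

def norm(name):
    """Case-fold and drop the trailing dot so names compare equal."""
    return (name or "").rstrip(".").lower()

def build_ip_map(domains, resolver=resolve_a):
    """Map every A-record IP to the set of hostnames resolving to it."""
    ip_map = defaultdict(set)
    for domain in map(norm, domains):
        for ip in resolver(domain):
            ip_map[ip].add(domain)
    return dict(ip_map)

def classify_flow(flow, ip_map):
    """Return (verdict, reason); the reason is the execution-log text."""
    ip, host = flow["dst_ip"], norm(flow.get("hostname"))
    if host and host in ip_map.get(ip, ()):
        return "exact", f"{ip} is a recorded A record of {host}"
    if host and any(host in names for names in ip_map.values()):
        return "hostname", f"{host} is known, but {ip} is not among its A records"
    return "none", f"no recorded hostname matches {host or '<no hostname>'} (dst {ip})"

def run_filter(flows, ip_map):
    """Classify each flow and log why it got its verdict."""
    verdicts = []
    for flow in flows:
        verdict, reason = classify_flow(flow, ip_map)
        log.info("flow to %s -> %s: %s", flow["dst_ip"], verdict, reason)
        verdicts.append(verdict)
    return verdicts

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_DNS = {"cdn.example.com": ["192.0.2.10", "192.0.2.11"],
              "api.example.com": ["192.0.2.10"]}
SAMPLE_FLOWS = [{"dst_ip": "192.0.2.10", "hostname": "API.example.com."},
                {"dst_ip": "198.51.100.7", "hostname": "cdn.example.com"},
                {"dst_ip": "192.0.2.11", "hostname": "other.example.net"},
                {"dst_ip": "192.0.2.10"}]

def demo():
    """Run offline with a stub resolver instead of live DNS."""
    ip_map = build_ip_map(SAMPLE_DNS, resolver=lambda d: SAMPLE_DNS.get(d, []))
    return run_filter(SAMPLE_FLOWS, ip_map)
```

The hostname-only verdict is the one worth watching in the log: it usually means the A records changed after the map was built, so the map needs refreshing.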