Allowing google mail (gmail) through AppVM Firewall

I run an AppVM with Thunderbird only. I do have my own mail server and I also do have a Google Mail address in Thunderbird.
When I enable the firewall in the email AppVM to only allow connections to known hosts and their email ports, everything seems to work at first.

After a while, though, Thunderbird is unable to send out emails via Google, and the only way to fix this is by going into the AppVM fw settings, clicking edit on one Google Mail setting and not changing anything. Just a press of OK and then apply in the AppVM settings window.
Voilà, I can now send again via Google.

I do not know how or where I can see when this happens in logs to analyze further.

I know that Google has different domains.
Currently I have:
imap.google.com
smtp.google.com
smtp.googlemail.com

Used 993 for IMAP, and 465, 587, 995, then gave up and used any, but the problem still persisted.

I might be misunderstanding how this firewall is supposed to work, but something seems odd; it might also be a problem with Google Mail shenanigans.

The problem is that there is no unique mapping of these domains to IP addresses. This is going to be a problem with any service serving a large number of users, where a domain name may be mapped to multiple servers with different IP addresses. DNS queries will then likely give you different answers over time. I don’t know what the best solution here is, but you can try fixing the answers to DNS queries using /etc/hosts in Linux. Note, though, that Firefox, for instance, may be doing its own DNS queries, ignoring the content of this file.

The fw is just allowing connections out to the DNS names, and those don’t keep changing/rotating IPs.
That the resolution of the name could be the problem just doesn’t make any sense to me right now.

Your reply confuses me even more; could you please elaborate a bit more?

From the documentation:

Note that if you specify a rule by DNS name it will be resolved to IP(s) at the moment of applying the rules, and not on the fly for each new connection. This means it will not work for servers using load balancing, and traffic to complex web sites which draw from many servers will be difficult to control.

This is why when you re-save the firewall rules it starts working again, because saving causes the IP addresses to be updated.

3 Likes
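
The behaviour in the documentation quote above, modelled as an added example (not from this thread and not Qubes code): a rule that resolves its DNS name only when applied, checked against a name whose answers rotate. `PinnedRule`, `RotatingDNS`, the host name `mail.example.test` and the IP addresses are constructed for illustration; `resolve` is the real-lookup variant for running the same drift check against a live name.

```python
import socket

def resolve(host, port):
    """Real lookup: the set of IPs the name resolves to right now."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

class PinnedRule:
    """Hypothetical model of a DNS-name rule: resolved once on apply, matched by IP."""
    def __init__(self, host, port, resolver=resolve):
        self.host, self.port, self.resolver = host, port, resolver
        self.pinned = set()

    def apply(self):
        # Resolution happens only here, not per connection.
        self.pinned = set(self.resolver(self.host, self.port))

    def allows(self, ip, port):
        return port == self.port and ip in self.pinned

    def drift(self):
        """IPs the name resolves to now that the applied rule does not cover."""
        return set(self.resolver(self.host, self.port)) - self.pinned

class RotatingDNS:
    """Constructed stand-in for a load-balanced name whose answers change over time."""
    def __init__(self, answers):
        self.answers, self.t = answers, 0

    def tick(self):
        self.t = min(self.t + 1, len(self.answers) - 1)

    def __call__(self, host, port):
        return self.answers[self.t]

def demo():
    # Constructed answers using documentation-only address ranges.
    dns = RotatingDNS([{"192.0.2.10", "192.0.2.11"},
                       {"192.0.2.11", "198.51.100.7"},
                       {"198.51.100.7", "198.51.100.8"}])
    rule = PinnedRule("mail.example.test", 587, dns)
    rule.apply()
    log = []
    for step in ("applied", "later", "much later"):
        now = sorted(dns(rule.host, rule.port))
        log.append((step, [rule.allows(ip, 587) for ip in now], sorted(rule.drift())))
        dns.tick()
    rule.apply()  # same effect as re-saving the rules: the name is resolved again
    now = sorted(dns(rule.host, rule.port))
    log.append(("re-applied", [rule.allows(ip, 587) for ip in now], sorted(rule.drift())))
    return log
```

Each row of `demo()` is (step, allowed-per-current-IP, uncovered IPs): sending works, then works only for some answers, then fails entirely until the rule is applied again.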