Qvm-firewall wildcard for dsthost

Is there any wildcard (or easy workaround) for qvm-firewall?

qvm-firewall disp123 add --before 0 action=accept dsthost=*.com

qvm-firewall disp123 add --before 0 action=drop dsthost=*.ru

Like Restricting a qube to selected websites

^example\.net$
\.example\.net$

but without tinyproxy.

I don’t think this is possible with iptables, you can use hostnames because they can be translated to IP addresses, but there is no way to get all addresses that match a subdomain wildcard.

I didn’t try, but it should works with iptables.