Ensmarten the firewall (make it less dumb)

[toxuin]

Currently, the firewall operates only on "allow/deny" basis for the whole packet, as long as it's answers includes a name from the whitelist.

Current situation creates unnecessary traffic in target network, extraneous data being transmitted over the tunnel and potentially exposes sensitive data to the whole target network.

Smarter firewall would solve this by re-creating the packet with irrelevant answers and questions cut out. Only the whitelisted names would be passed over the tunnel.