Firefox for Enterprise Community Forum

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

Having read https://support.mozilla.org/en-US/kb/managing-firefox-intune I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following; //*.mydomain.com/*

Which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

//10.10.*/* (this doesn't currently work) Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

I've looked over the link that is recommened in the policy (indirectly) and can't see an option for allowing an IP range. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Match_patterns

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

I am a DNS administator at my employers and notice that on my employers network that aus3.mozilla.org and aus4.mozilla.org seem to be returning NXDOMAIN both with our on prem DNS and via the public dns providers when a browser attempts update it can fail.

Have other Australian users reported such behavior and are these hosts still valid

DIG

grudd@crayon:~$ dig @8.8.8.8 aus3.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus3.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40382

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus3.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 2 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:04:52 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig stun.services.mozilla.com

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> stun.services.mozilla.com

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56679

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 1280

QUESTION SECTION:

stun.services.mozilla.com. IN A

AUTHORITY SECTION:

services.mozilla.com. 836 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Query time: 0 msec

SERVER: 10.67.10.62#53(10.67.10.62) (UDP)

WHEN: Mon Jun 02 10:13:11 AEST 2025

MSG SIZE rcvd: 138

grudd@crayon:~$ dig @8.8.8.8 stun.services.mozilla.com

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 stun.services.mozilla.com

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62337

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

stun.services.mozilla.com. IN A

AUTHORITY SECTION:

services.mozilla.com. 127 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:13:19 AEST 2025

MSG SIZE rcvd: 135

grudd@crayon:~$ dig @8.8.8.8 aus4.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus4.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15261

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus4.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 40 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 4 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:30 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig @8.8.8.8 aus4.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus4.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26928

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus4.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 35 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:32 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig @8.8.8.8 aus5.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus5.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37023

flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus5.mozilla.org. IN A

ANSWER SECTION:

aus5.mozilla.org. 48 IN CNAME balrog-aus5.r53-2.services.mozilla.com. balrog-aus5.r53-2.services.mozilla.com. 58 IN CNAME prod.balrog.prod.cloudops.mozgcp.net. prod.balrog.prod.cloudops.mozgcp.net. 984 IN A 35.244.181.201

Query time: 4 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:43 AEST 2025

MSG SIZE rcvd: 163

grudd@crayon:~$ dig @8.8.8.8 aus5.mozilla.org SOA

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus5.mozilla.org SOA

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65395

flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus5.mozilla.org. IN SOA

ANSWER SECTION:

aus5.mozilla.org. 42 IN CNAME balrog-aus5.r53-2.services.mozilla.com. balrog-aus5.r53-2.services.mozilla.com. 52 IN CNAME prod.balrog.prod.cloudops.mozgcp.net.

AUTHORITY SECTION:

balrog.prod.cloudops.mozgcp.net. 300 IN SOA ns-cloud-d1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

Query time: 108 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:49 AEST 2025

MSG SIZE rcvd: 237

grudd@crayon:~$