I'd like to add that I also use CIDR notation for the firewall rules, in addition to the name rules, and it works in most cases.
Sometimes some services change their addresses, but the time consumed to add new entries is not relevant. I use the 'dig' tool to find out in which block they are. Some of them use a whole /24 block. But most of time that's too many addresses, and would lead to unblock totally unrelated stuff: $ dig service.example.com -- iuri.neocities.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAF0bz4Rf%3D%2BrHpMsGc5_%2BDODY9xnYAgj2GVGkNYP673uf4JG22w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
