Can a firewall rule specify domain name instead of IP address

We need to configure an outgoing firewall rule for s3.amazonaws.com which can have many IP addresses. Is it possible to setup a firewall rule using a domain name? I tried this and it did not work: pass out break end from any to s3.amazonaws.com inspect-state

Hi

The problem with using domain names is when the firewall rules are processed it caches the address that result for a single address. If the domain is serviced by a number of IPaddress in round robin it will be very temperamental.