@armagan153
Yes, you can block whatever you want.
But first, you have to know what 'traffic' is and how you can operate on it with a firewall, like pfSense, or any other firewall out there.
Known filter items are: source and destination IP, source and destination port, protocol used, and some lesser-known items.
To fully understand what a firewall can use to make decisions to "block or pass", you have to know what an Ethernet packet is. Example: you can use "IP addresses" only, as a firewall operates on the Ethernet packets. On that level, host names are an unknown concept.
A web browser uses its device IP to connect to a server IP.
@armagan153 said in Block all traffic except for certain websites.:
allow only access to Facebook
Allow or block only facebook (as an example)
This question is actually posed very often here on this forum.
I agree, a bit hard to find
You have to use the search button - see the top of this page - enter 'facebook.com' and hit search.
You will find many pages that contain the word (url) 'facebook.com', and you have to read through them one by one. You are guaranteed to find, rather quickly, something or someone that asked the very same question as you.
Now, take one step back. I've a question for you to answer.
What would you do if you worked for facebook? What would you do so every potential customer can easily access the facebook (whatsapp) etc. services everywhere on the planet? Wouldn't you do everything in your (xxxxx billion dollar) power to make this happen?
I'll repeat your question : you want to block someone like facebook, as an example.
The fastest solution would be: go work for them for a while as a network engineer, and you'll learn all about their network, and then you will know what to do.
You can't block facebook by putting facebook.com in a pfSense Alias (the alias gets resolved into all IP addresses every 5 minutes), and use the alias (== all the resolved IP addresses) in a firewall rule.
You'll discover that these IP addresses change all the time !! Quite understandable, as Facebook takes servers down, for maintenance or whatever, and activates other ones constantly.
Google, Apple, X, Microsoft, etc etc are all doing the same thing.
I'm not trying to tell you that blocking 'whatever' isn't possible.
It is.
For example, Facebook owns (uses) its own AS (go wikipedia that one). With the help of pfBlockerNG you can select this AS, and it will download the list with IP networks that it contains, and voila, you'll see: you can't access any facebook services anymore.
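
The difference between the two approaches in the post above, as an added example that is not part of the original post and not pfSense or pfBlockerNG code: a small simulation of a hostname alias refreshed every 5 minutes against a rotating DNS answer, compared with matching on a prefix list. The DNS timeline and the prefixes are constructed sample data using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real service addresses).
# Each entry: (minute, IPs the service name resolves to from that minute on).
DNS_TIMELINE = [
    (0,  ["203.0.113.10", "203.0.113.11"]),
    (2,  ["203.0.113.40", "203.0.113.41"]),
    (7,  ["198.51.100.5", "198.51.100.6"]),
    (12, ["203.0.113.77", "198.51.100.90"]),
]
# Constructed stand-in for the network list downloaded for an AS.
AS_PREFIXES = [ipaddress.ip_network(p)
               for p in ("203.0.113.0/24", "198.51.100.0/24")]
ALIAS_REFRESH_MINUTES = 5  # alias resolve interval mentioned in the post


def answers_at(minute):
    """DNS answer in effect at a given minute (latest entry not after it)."""
    current = []
    for start, ips in DNS_TIMELINE:
        if start <= minute:
            current = ips
    return current


def alias_table_at(minute):
    """IPs held by the hostname alias: the answer seen at its last refresh."""
    last_refresh = minute - (minute % ALIAS_REFRESH_MINUTES)
    return set(answers_at(last_refresh))


def in_as_prefixes(ip):
    """True when the address falls inside any network of the prefix list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AS_PREFIXES)


def simulate(minutes=15):
    """Return (connections, missed by alias rule, missed by prefix rule)."""
    total = missed_alias = missed_prefix = 0
    for minute in range(minutes):
        for ip in answers_at(minute):  # client connects to the current answer
            total += 1
            missed_alias += ip not in alias_table_at(minute)
            missed_prefix += not in_as_prefixes(ip)
    return total, missed_alias, missed_prefix


if __name__ == "__main__":
    total, alias_miss, prefix_miss = simulate()
    print(f"{total} connections: alias rule missed {alias_miss}, "
          f"prefix rule missed {prefix_miss}")
```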