    Allow only some websites through pfBlockerng

      abanet @greenlight

      @greenlight I will try this way and tell you something

      Thanks a lot for your help!

        abanet @greenlight

        @greenlight said in Allow only some websites through pfBlockerng:

        https://forum.netgate.com/topic/150084/is-pfblockerng-able-to-block-all-outbound-traffic-except-whitelistet-sites/17

        You can follow the steps in this link without pfblockerng.

        I also prepared a visual for you. I tried it myself and it works this way. You must only specify a static IP address for the device you will use. After then

        1.png
        Create an alias for websites with permissions

        2.png
        Create aliases for devices that you allow and whose IP addresses you fix. The marked IP address belongs to my device. You'll probably type 192.168.8.80 there.

        3.png
        You will create a rule to block internet access for all devices.

        4.png
        By selecting the aliases you created here, you will define the devices and the addresses they will connect to.

        5.png
        Your rules should look like this.

        Finally, reload the filters. You can make additions or deletions for both alias groups. Doing this on the Aliases side will be enough.

        The main way pfblockerng works is to block external connections to pfsense. Of course, connections can be blocked in both directions. Very useful for interface based restrictions. But the rules are more favorable for restrictions within the subnet.

        Hi again! I tried this solution but it is still blocked. I see traffic on the rule but still can't connect. Any suggestions?

          greenlight @abanet

          @abanet hello, the pass rule should be in the first line. Did you notice this?

            abanet @greenlight

            @greenlight Hi! Yes. I put it on top but it didn't work. I tried to create the same rule in "floating rules" but still can access web sites in the "Adresses" alias

              greenlight @abanet

              @abanet You must use LAN rules. Why are you trying Floating rules? I also tried this on my own system before creating the screenshots and it worked. A step you missed or something you previously configured might be preventing this from working.

              A 1 Reply Last reply Reply Quote 0
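Added example (not part of any post in this thread): a simplified Python model of the rule order discussed above, in which floating rules marked quick are checked before the LAN tab and the first matching rule decides. The site addresses, the floating block list and all rule and function names are constructed for illustration, and aliases are modelled as plain IP networks; 192.168.8.80 is the device address quoted in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = [ip_network("0.0.0.0/0")]

# Constructed aliases: 192.168.8.80 is the device address from the thread,
# the site addresses are documentation-range placeholders.
ALLOWED_DEVICES = [ip_network("192.168.8.80/32")]
ALLOWED_SITES = [ip_network("203.0.113.10/32"), ip_network("198.51.100.0/28")]

@dataclass
class Rule:
    label: str
    action: str  # "pass" or "block"
    src: list
    dst: list

    def matches(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        return any(s in n for n in self.src) and any(d in n for n in self.dst)

def evaluate(lan_rules, src, dst, floating_quick=()):
    """Return (action, label) of the rule that decides the connection.

    Simplified model: quick floating rules are checked first, then the LAN
    tab top-down; the first matching rule decides. No match means deny.
    """
    for rule in list(floating_quick) + list(lan_rules):
        if rule.matches(src, dst):
            return rule.action, rule.label
    return "block", "default deny"

PASS_ALLOWED = Rule("pass allowed devices -> allowed sites", "pass",
                    ALLOWED_DEVICES, ALLOWED_SITES)
BLOCK_ALL = Rule("block all LAN devices", "block", ANY, ANY)

GOOD_ORDER = [PASS_ALLOWED, BLOCK_ALL]  # pass rule on the first line
BAD_ORDER = [BLOCK_ALL, PASS_ALLOWED]   # pass rule shadowed by the block rule

# Hypothetical floating quick block whose list overlaps one allowed site.
FLOATING_BLOCK = Rule("floating quick block (hypothetical list)", "block",
                      ANY, [ip_network("203.0.113.0/24")])

if __name__ == "__main__":
    cases = [("good order", GOOD_ORDER, ()), ("bad order", BAD_ORDER, ()),
             ("good order + floating", GOOD_ORDER, [FLOATING_BLOCK])]
    for name, lan, floating in cases:
        for src in ("192.168.8.80", "192.168.8.81"):
            print(name, src, evaluate(lan, src, "203.0.113.10", floating))
```

On a live firewall, the rule a connection actually hit is shown in the firewall log entry for that connection, which is the quickest way to see whether a LAN rule or a floating rule made the decision.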
                abanet @greenlight

                @greenlight Floating rules are enabled by pfBlocker. I tried disabling this option in pfBlocker and put your rule on top, but it didn't work

                  greenlight @abanet

                  @abanet Disable pfblockerng and disable all its rules (including LAN and Floating).

                  Just follow the rules I have shown on the LAN side.

                    abanet @greenlight

                    @greenlight That way it works. But I need to use pfBlockerng

                      greenlight @abanet

                      @abanet what is your pfsense version?

                        Gertjan @greenlight

                        @greenlight

                        Easy.
                        2.7.1 (or 23.09).

                        Those who use 2.7.0 or earlier and install pfBlockerng 'now' break the rules: Never install packages before pfSense is on the latest version.

                        The latest pfBlockerng is compiled against "OpenSSL 3.0", something pfSense 2.7.0 hasn't. It will fail right away.
                        There is another thread, yesterday or so, that illustrates this situation.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                          abanet @Gertjan

                          @Gertjan said in Allow only some websites through pfBlockerng:

                          2.7.1 (or 23.09).

                          Those who use 2.7.0 or earlier and install pfBlockerng 'now' break the rules: Never install packages before pfSense is on the latest version.

                          Hi! I did a fresh installation yesterday, pfSense 2.7.1 and the latest pfBlockerng, but it still doesn't work
