Block Discord and Roblox only for select workstations on LAN
-
I have the Netgate SG-2100 with 23.09.1-RELEASE (latest available).
It has become necessary to prevent specific workstations on the LAN from accessing a couple specific Internet resources, namely (1) Discord (via application client or browser) and (2) Roblox (the gaming platform).
Currently, the private LAN is configured so that no workstation has Internet access unless a rule is created for that specific workstation. Workstations are identified by MAC address for DHCP reservation. Currently there are a few unrestricted workstations with full Internet access and the rest have no Internet access, only local LAN browsing. For the workstations with Internet access, we would like to block Discord and Roblox on most, but not all of them.
I've been reading about pfBlockerNG, which does not seem to be a good fit since it is going to impact all clients on the LAN and seems more of a DNS-based blacklist.
I've tried specific blocking firewall rules; however, it seems that with all of the round-robin and cloud-based multi-IP things going on with Internet destinations I am not having much luck. There are multiple IP addresses, sometimes not within the same CIDR block, for the same Internet destination, i.e. Roblox.
Is this something IPBL and what is the best tool to accomplish this relatively painlessly? By painlessly I am not looking to convert the LAN to a squid proxy or something like that, just block Discord and Roblox from some of the workstations. Maybe there is another plugin that generates firewall rules based on last known IPs involved with common destinations like Discord and Roblox.
-
@coltswalker If you know the hostnames, you can create host overrides so they resolve nowhere. I do not recall specifics, but unbound has “views” to control access for certain clients. You should be able to find info about that here.
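
The unbound "views" approach mentioned in the reply above, as an added example that is not part of the original thread: selected clients are mapped to a view whose local zones answer NXDOMAIN, while every other client resolves normally. The client IPs are constructed, the domain list is an assumption and not exhaustive, and it is assumed the fragment is placed in the pfSense DNS Resolver custom options.

```conf
# Added example: per-client DNS blocking with unbound views.
# Client IPs are constructed; use the addresses from your DHCP static mappings.
server:
    # Map each restricted workstation (by its reserved IP) to the view below.
    access-control-view: 192.168.1.50/32 restricted
    access-control-view: 192.168.1.51/32 restricted

view:
    name: "restricted"
    # Answer NXDOMAIN for these zones and every name beneath them.
    # The domain list is an assumption and is not exhaustive.
    local-zone: "discord.com." always_nxdomain
    local-zone: "discordapp.com." always_nxdomain
    local-zone: "discord.gg." always_nxdomain
    local-zone: "roblox.com." always_nxdomain
    local-zone: "rbxcdn.com." always_nxdomain
    # Names with no match in this view fall back to the global
    # local-zone/local-data settings and normal resolution.
    view-first: yes
```

This only affects clients that actually query the firewall's resolver, so a restricted workstation using another DNS server or DNS over HTTPS is not covered unless outbound DNS from those hosts is also restricted by firewall rule. Workstations not listed under `access-control-view` keep resolving these names as before.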