Allow only Gmail.com

ixee · Sep 9, 2012, 1:29 PM

Hi all,
I need to block all the HTTP/HPPTS websites (except for Gmail.com). What is my configuration ?

Many thanks!

Cry Havok · Sep 9, 2012, 8:33 PM

Please search the forum - this has been discussed many times already.

As a hint, you'll need to block all outbound ports by default (particularly 80 and 443) and use a proxy server.

ixee · Sep 10, 2012, 4:05 AM

Any idea without use proxy server and filter ? I used Rules for a block http/https. And Aliases for a accept Gmail. But not worked. Also I need a update from kaspersky.com. Sorry for my bad english.

Metu69salemi · Sep 10, 2012, 5:12 AM

Do you have allow rule before deny rule?

ixee · Sep 10, 2012, 5:31 AM

Created aliases and rules. See the attachments.

Metu69salemi · Sep 10, 2012, 5:56 AM

modify your rule.

Remove source port definition, that should do it

ixee · Sep 10, 2012, 6:09 AM

I modified, but also can't go out to my aliases sites.

dhatz · Sep 10, 2012, 2:08 PM

The method I'd use, which is also the one recommended by Google for users of Gmail and GoogleApps, would be to white-list Google's IPv4 blocks (and maintaining those with a script). It is described in a pfsense feature request I filed a year ago: http://redmine.pfsense.org/issues/1901

For details you can read Google's "Networking Best Practices for Large Deployments"