Block Website for Single IP or a Network Range



  • Hello,

    We are testing pfsense to implement in our network for website and download blocking for some of the members. I am able to do so with Squid and SquidGuard, where we can block the website or download for all the network. But i am not able to find how to block it for some of the IPs or network range.

    Please help me here.



  • You do it via squidguard's Groups ACL.  Create a new ACL, configure it with your IPs or network and then configure your target rules list for that ACL.



  • Hello,

    I tried with Group ACL method but not able to block for single IP or network. However it work fine when define only target rules and that apply on all the network.

    However i tried another method via create alias.

    • I created alias where i mentioned all the facebook IPs/network.
    • I created a alias where i mentioned the IP where i need to block facebook.
    • Then i created a rule (firewall) where is selected the source alias [Local IP alias] and destination alias [Facebook IPs] and applied rejected rule.

    But still i am not able to block facebook on selected IP.



  • I tried with Group ACL method but not able to block for single IP or network.

    Then you're doing something wrong.  It does work.  I use it that way myself.  Maybe you have a problem with the order the ACLs are listed in?

    btw this really should be in the Cache/Proxy forum.