Adding a firewall rule for entire LAN



  • Hello everyone, new to pfSense.

    I need to know how to block all computers on my LAN from accessing a certain webpage but allow all computers on LAN to ping and receive response from that webpage.



  • Install squid and squidguard. Then go to Package/Proxy Server: General Settings/General and set it up. There you have an option that can enable or disable ICMP, which allows pings. And in ACLs you add whatever websites you want to add to the blacklist.



  • Why squid for that simple filter purpose?

    Just add an alias for that host in Firewall > Aliases > IP, set a name and enter the FQDN below.
    Now, assuming you still have the default allow any-to-any rule in place, add a new block firewall rule to the LAN interface (Add to the top). At destination select "Single host or alias" and enter the alias you've created first.
    Add an additional rule to the top of the list, now set Pass at action, at Protocol select "ICMP" (if you want you may restrict it to "Echo request" only) and at destination again enter the alias you've created above.
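
The rule order described in the post above, modelled as first-match evaluation on the LAN interface. This is an added example, not part of the original thread and not pfSense code; the LAN subnet, the addresses the alias resolves to, and all names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
# Constructed alias contents: an FQDN alias can resolve to several addresses.
BLOCKED_SITE = frozenset(ipaddress.ip_address(a)
                         for a in ("203.0.113.10", "203.0.113.11"))

@dataclass(frozen=True)
class Rule:
    action: str                            # "pass" or "block"
    proto: Optional[str] = None            # None matches any protocol
    icmp_type: Optional[str] = None        # checked only when set
    dst_alias: Optional[frozenset] = None  # None matches any destination

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in LAN_NET:
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.icmp_type and pkt.get("icmp_type") != self.icmp_type:
            return False
        if self.dst_alias is not None and \
                ipaddress.ip_address(pkt["dst"]) not in self.dst_alias:
            return False
        return True

def evaluate(rules: list, pkt: dict) -> str:
    """First matching rule wins; traffic matching no rule is blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"

PASS_ECHO = Rule("pass", proto="icmp", icmp_type="echoreq", dst_alias=BLOCKED_SITE)
BLOCK_SITE = Rule("block", dst_alias=BLOCKED_SITE)
ALLOW_ANY = Rule("pass")  # the default allow any-to-any LAN rule

AS_DESCRIBED = [PASS_ECHO, BLOCK_SITE, ALLOW_ANY]  # ICMP pass rule on top
WRONG_ORDER = [BLOCK_SITE, PASS_ECHO, ALLOW_ANY]   # block rule shadows the pass

# Constructed sample packets from a LAN host.
PING = {"src": "192.168.1.50", "dst": "203.0.113.10",
        "proto": "icmp", "icmp_type": "echoreq"}
HTTPS = {"src": "192.168.1.50", "dst": "203.0.113.11", "proto": "tcp"}
OTHER = {"src": "192.168.1.50", "dst": "198.51.100.7", "proto": "tcp"}

if __name__ == "__main__":
    for name, pkt in (("ping", PING), ("https", HTTPS), ("other", OTHER)):
        print(name, evaluate(AS_DESCRIBED, pkt), evaluate(WRONG_ORDER, pkt))
```

With the block rule above the ICMP pass rule, the ping is dropped as well, which is why the pass rule has to be added to the top last.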



  • "block access to the web page but allow responses from the web page" Is this even logically valid? I'm not sure what is meant by "ping" a web page. You mean ping the server?



  • What kind of "response from that webpage" do you mean?