4. Block Internet but only allow Google.com

Block Internet but only allow Google.com

  • N

    Hello,

    Say I have an IP address 192.168.1.10. How would I block all internet traffic but only allow access to say google.com to this IP address? Any help would be appreciated.

    0
  • F

    create a deny rule tcp only with source  192.168.1.10 and destination negated as an alias for www.google.com.
    before any "any any" rule
    and after a rule allowing to connect to tcp/udp to port 53 on the firewall for dns

    0
  • J

    One problem you will likely find with using a hostname alias for www.google.com is that the alias will not have ALL of the IP addresses for www.google.com.  So if you whitelist www.google.com with an alias, it's actually only whitelisting a small fraction of google's IP addresses, and there's no guarantee that the clients on your network will get those same IPs when they query www.google.com for themselves, so they may still get blocked.

    I don't know of any perfect solution for this yet in pfSense.  Maybe you could create an alias full of static IP addresses and manually update those aliases occasionally to try to include them all.

    0
  • R

    Wouldn't a host override for www.google.com work using unbound?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy