Block Internet but only allow Google.com



  • Hello,

    Say I have an IP address 192.168.1.10. How would I block all internet traffic but only allow access to, say, google.com for this IP address? Any help would be appreciated.



  • Create a deny rule, TCP only, with source 192.168.1.10 and destination negated as an alias for www.google.com,
    before any "any any" rule
    and after a rule allowing connections to TCP/UDP port 53 on the firewall for DNS.



  • One problem you will likely find with using a hostname alias for www.google.com is that the alias will not have ALL of the IP addresses for www.google.com. So if you whitelist www.google.com with an alias, it's actually only whitelisting a small fraction of Google's IP addresses, and there's no guarantee that the clients on your network will get those same IPs when they query www.google.com for themselves, so they may still get blocked.

    I don't know of any perfect solution for this yet in pfSense. Maybe you could create an alias full of static IP addresses and manually update those aliases occasionally to try to include them all.
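
The rule order suggested in the first reply and the alias gap described in the second, modelled as an added example that is not part of any post in this thread and is not pfSense code. It is a small first-match evaluator; the firewall LAN address, the alias contents and the client's DNS answers are constructed sample values from documentation address ranges.

```python
# Constructed sample data: documentation-range addresses, not real Google IPs.
ALIAS_GOOGLE = {"203.0.113.10", "203.0.113.11"}    # IPs the firewall's alias resolved
CLIENT_ANSWERS = ["203.0.113.10", "198.51.100.7"]  # IPs the client's own lookups returned
FIREWALL_IP = "192.168.1.1"                        # assumed LAN address of the firewall
HOST = "192.168.1.10"

# Rules in the order given in the thread; evaluation is top-down, first match wins.
# src=None / dst=None / port=None mean "any".
RULES = [
    dict(action="pass", protos={"tcp", "udp"}, src=HOST, dst={FIREWALL_IP}, negate=False, port=53),
    dict(action="block", protos={"tcp"}, src=HOST, dst=ALIAS_GOOGLE, negate=True, port=None),
    dict(action="pass", protos={"tcp", "udp"}, src=None, dst=None, negate=False, port=None),
]


def rule_matches(rule, src, dst, proto, port):
    if proto not in rule["protos"]:
        return False
    if rule["src"] is not None and src != rule["src"]:
        return False
    if rule["port"] is not None and port != rule["port"]:
        return False
    if rule["dst"] is None:
        return True
    # A negated destination matches every address that is NOT in the set.
    return (dst in rule["dst"]) != rule["negate"]


def evaluate(src, dst, proto, port, rules=RULES):
    for rule in rules:
        if rule_matches(rule, src, dst, proto, port):
            return rule["action"]
    return "block"  # nothing matched: default deny


def blocked_answers(answers, alias=ALIAS_GOOGLE):
    """Return the client-resolved IPs that the negated-alias rule would block on tcp/443."""
    rules = [RULES[0], dict(RULES[1], dst=alias), RULES[2]]
    return [ip for ip in answers if evaluate(HOST, ip, "tcp", 443, rules) == "block"]


if __name__ == "__main__":
    for ip in CLIENT_ANSWERS:
        print(ip, evaluate(HOST, ip, "tcp", 443))
    print("outside alias:", blocked_answers(CLIENT_ANSWERS))
```

In this model the deny rule is TCP-only, so UDP from 192.168.1.10 to any destination falls through to the "any any" pass rule.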



  • Wouldn't a host override for www.google.com work using unbound?

