Block Internet but only allow

  • Hello,

    Say I have an IP address How would I block all internet traffic but only allow access to say to this IP address? Any help would be appreciated.

  • create a deny rule tcp only with source and destination negated as an alias for
    before any "any any" rule
    and after a rule allowing to connect to tcp/udp to port 53 on the firewall for dns

  • One problem you will likely find with using a hostname alias for is that the alias will not have ALL of the IP addresses for  So if you whitelist with an alias, it's actually only whitelisting a small fraction of Google's IP addresses, and there's no guarantee that the clients on your network will get those same IPs when they query for themselves, so they may still get blocked.

    I don't know of any perfect solution for this yet in pfSense.  Maybe you could create an alias full of static IP addresses and manually update those aliases occasionally to try to include them all.
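To see how far an alias has drifted from what clients actually resolve, the check below is an added example and not part of the thread. It assumes you have the alias contents and a list of addresses your clients were handed by DNS (for instance from resolver logs); the function names and sample addresses are hypothetical and constructed.

```python
import ipaddress
from collections import Counter

def parse_alias(entries):
    """Turn alias entries (single hosts or CIDR networks) into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]

def coverage(alias_entries, client_answers):
    """Split the addresses clients resolved into those the alias allows and those it misses."""
    nets = parse_alias(alias_entries)
    covered, missed = [], []
    for raw in client_answers:
        ip = ipaddress.ip_address(raw)
        # Compare only within the same address family (IPv4 vs IPv6).
        hit = any(ip.version == n.version and ip in n for n in nets)
        (covered if hit else missed).append(str(ip))
    return covered, missed

def group_missed(missed, v4_prefix=24, v6_prefix=64):
    """Count missed addresses per enclosing block, for manual review before widening the alias."""
    counts = Counter()
    for raw in missed:
        ip = ipaddress.ip_address(raw)
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        counts[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return dict(counts)

# Constructed sample data (documentation address ranges, not real service addresses).
# ALIAS_SNAPSHOT: what the firewall alias held when it last resolved the hostname.
ALIAS_SNAPSHOT = ["192.0.2.10", "192.0.2.11", "2001:db8:1::/64"]
# CLIENT_ANSWERS: what clients on the LAN received when they resolved it themselves.
CLIENT_ANSWERS = ["192.0.2.10", "198.51.100.7", "198.51.100.9",
                  "2001:db8:1::5", "203.0.113.20"]

if __name__ == "__main__":
    ok, blocked = coverage(ALIAS_SNAPSHOT, CLIENT_ANSWERS)
    print("allowed by alias:", ok)
    print("would be blocked:", blocked)
    print("blocks to review:", group_missed(blocked))
```

The grouped output is only a list of candidate ranges to review; confirm who owns a block before adding it to a static alias, since widening to a whole /24 or /64 may allow more than the intended service.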

  • Wouldn't a host override for work using unbound?
