Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block Internet but only allow Google.com

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 4 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      needhelp123
      last edited by

      Hello,

      Say I have an IP address 192.168.1.10. How would I block all internet traffic but only allow access to say google.com to this IP address? Any help would be appreciated.

      1 Reply Last reply Reply Quote 0
      • F
        Fabio72
        last edited by

        create a deny rule tcp only with source  192.168.1.10 and destination negated as an alias for www.google.com.
        before any "any any" rule
        and after a rule allowing to connect to tcp/udp to port 53 on the firewall for dns

        1 Reply Last reply Reply Quote 0
        • J
          Jeremy11one
          last edited by

          One problem you will likely find with using a hostname alias for www.google.com is that the alias will not have ALL of the IP addresses for www.google.com.  So if you whitelist www.google.com with an alias, it's actually only whitelisting a small fraction of google's IP addresses, and there's no guarantee that the clients on your network will get those same IPs when they query www.google.com for themselves, so they may still get blocked.

          I don't know of any perfect solution for this yet in pfSense.  Maybe you could create an alias full of static IP addresses and manually update those aliases occasionally to try to include them all.

          1 Reply Last reply Reply Quote 0
          • R
            rpotter28
            last edited by

            Wouldn't a host override for www.google.com work using unbound?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.