Block Internet but only allow Google.com
needhelp123 last edited by
Say I have an IP address 192.168.1.10. How would I block all internet traffic but only allow access to say google.com to this IP address? Any help would be appreciated.
Fabio72 last edited by
create a deny rule tcp only with source 192.168.1.10 and destination negated as an alias for www.google.com.
before any "any any" rule
and after a rule allowing to connect to tcp/udp to port 53 on the firewall for dns
Jeremy11one last edited by
One problem you will likely find with using a hostname alias for www.google.com is that the alias will not have ALL of the IP addresses for www.google.com. So if you whitelist www.google.com with an alias, it's actually only whitelisting a small fraction of google's IP addresses, and there's no guarantee that the clients on your network will get those same IPs when they query www.google.com for themselves, so they may still get blocked.
I don't know of any perfect solution for this yet in pfSense. Maybe you could create an alias full of static IP addresses and manually update those aliases occasionally to try to include them all.
rpotter28 last edited by
Wouldn't a host override for www.google.com work using unbound?