Blocking everything except...
-
I have a customer that needs to block everything except a few domains.
So they basically would like to have some whitelisted domains, and the problem of course is that some of these are using a CDN or otherwise use multiple IP addresses.
I am assuming this is a job for squid? Or do you have any better suggestions? What is the best way of getting this done?
This block has to happen for all traffic from a specific VLAN. Other VLANs should not be affected.
-
Perhaps more pfBlockerNG than Squid. It blocks using the DNS Resolver service.
-
Usually when people ask this they don't really understand what they're asking for. Any site that has a large CDN probably pulls data from numerous domains to work correctly. Allowing, for example, only *.gmail.com to resolve is not going to end well.
Steve
-
@stephenw10
Thank you for taking the time to answer. Although, I do not fully understand your answer. Was it a hint that I do not understand what I am asking for? Or is it something you wanted me to pass on to my customer?
Please help me understand how your answer will help me come up with a solution.
-
@mare Great. Thank you. Will take my question over to the sub forum for pfBlockerNG.
-
I'm saying what the customer is asking for is probably more complex than they think.
"Just a few domains" is probably just a few sites which could be a large number of domains and also a moving target.
It might not be...
Steve
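
Added example (not part of the original thread, and not pfBlockerNG's or Squid's own logic): a label-aware allowlist check run over constructed DNS query records for one VLAN, showing how an allowlist with a single domain leaves a site's supporting hostnames blocked. The hostnames, VLAN IDs and function names are assumptions made for illustration.

```python
# Added example: every hostname and VLAN ID below is a constructed placeholder.

def normalize(name):
    """Lower-case and drop the trailing dot so comparisons are consistent."""
    return name.strip().lower().rstrip(".")

def is_allowed(host, allowlist):
    """True if host equals an allowlisted domain or is a subdomain of it.

    Matching is done on whole DNS labels: "fakewebmail.example.test" must not
    match an entry for "webmail.example.test" just because the strings share
    a suffix. Assumption of this example: "*.domain" also covers the apex.
    """
    host = normalize(host)
    for entry in allowlist:
        entry = normalize(entry)
        if entry.startswith("*."):
            entry = entry[2:]
        if host == entry or host.endswith("." + entry):
            return True
    return False

def audit(queries, allowlist, vlan):
    """Count lookups from one VLAN that the allowlist would block."""
    blocked = {}
    for query_vlan, host in queries:
        if query_vlan != vlan:
            continue  # other VLANs are not subject to the allowlist
        if not is_allowed(host, allowlist):
            key = normalize(host)
            blocked[key] = blocked.get(key, 0) + 1
    # Most frequently blocked names first: candidates to review with the customer.
    return dict(sorted(blocked.items(), key=lambda kv: (-kv[1], kv[0])))

ALLOWLIST = ["*.webmail.example.test"]

# Constructed (vlan_id, queried_hostname) records for one page load.
QUERIES = [
    (30, "webmail.example.test"),
    (30, "Static.Webmail.Example.Test."),
    (30, "cdn-assets.example-cdn.test"),
    (30, "cdn-assets.example-cdn.test"),
    (30, "fonts.example-static.test"),
    (30, "fakewebmail.example.test"),
    (10, "news.example.org"),
]

if __name__ == "__main__":
    for host, count in audit(QUERIES, ALLOWLIST, vlan=30).items():
        print(f"{count:3d}  {host}")
```

Running the same audit against real resolver logs from the restricted VLAN before enforcing the policy gives the list of supporting domains the customer would have to approve, and rerunning it later shows how that list moves.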
-
The same person asked the same question here: https://forum.netgate.com/topic/148392/blocking-everything-except
They got a response yet never followed up... that leads me to conclude that OP isn't sure what the alleged customer wants.
-
@NollipfSense Please read this whole thread before making any judgement.
-