Block everything except *

  • Hey guys,

    So I know the standard LAN rules don't support wildcards (*), which would include every subdomain under So I'm wondering if there is a way to block everything outbound on the LAN except * and maybe DNS and NTP.

    I've tried to use pfBlockerNG-devel, but it doesn't seem to have a block-everything rule.

    So then I enabled TLD, which blocks based on .com, .org, .gov, etc., and I was thinking maybe I could list every TLD I could think of, then whitelist, which I'm hoping would also whitelist the subdomains under

    But I hear TLD uses a ton of memory, and I only have 4 GB on the Netgate SG-5100.

    I'm really trying to avoid purchasing a SonicWall. But the idea of hunting and pecking every subdomain under seems impossible.

  • So I've tried to add custom lists to IPv4, but those only seem to resolve the top level.

    I'm having a difficult time understanding how the technology can whitelist, which includes all the subdomains of, but it's impossible to block everything except what is whitelisted...

    I mean, this is a pretty typical need, I imagine. A lot of people use whitelisting only for outbound traffic.

    On SonicWall it's based in the alias rules themselves. But on pfSense it seems like the developers of pfBlockerNG have given the ability to whitelist but not the ability to block all other traffic...

    I guess that's why I'm so confused. Because I can clearly see that I can use DNSBL to whitelist avid and all its subdomains, but I cannot figure out how to deny all outbound traffic, except
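The confusion in the two posts above comes from two different layers. The DNSBL whitelist in pfBlockerNG lives in the DNS resolver (Unbound), where a name and everything under it can be matched; LAN firewall rules and IPv4 alias lists match addresses, and an FQDN alias resolves exactly one name, so a wildcard has no meaning there. A "deny everything except this domain tree" policy therefore has to be expressed in the resolver. The fragment below is an added example, not from the thread and not part of pfBlockerNG, of how Unbound's own local-zone directives do that; example.com and pool.ntp.org stand in for whatever domains the LAN actually needs, and the placement in the Custom options box of the DNS Resolver page is an assumption about where a pfSense admin would paste it.

```conf
# Added example (not from the thread or from pfBlockerNG): allowlist-only
# resolver built from Unbound local zones. Assumed placement on pfSense:
# Services > DNS Resolver > General Settings > Custom options.
# Placeholders: example.com, pool.ntp.org.
server:
    # Unbound answers a query from the closest enclosing local-zone, so a
    # zone for the root "." is the catch-all. "refuse" returns REFUSED for
    # every name that no more specific zone below claims.
    local-zone: "." refuse

    # Carve-outs: "transparent" means names in this subtree are resolved
    # normally, and the subtree includes every subdomain, so one line
    # covers www.example.com, cdn.example.com, and anything deeper.
    local-zone: "example.com." transparent

    # Whatever the clocks sync against; one line per allowed domain tree.
    local-zone: "pool.ntp.org." transparent
```

Two things make or break this. First, the resolver allowlist only holds if clients cannot ask anyone else: the LAN rules need to pass UDP/TCP 53 only to the firewall's own LAN address, block 53 and 853 to everywhere else, and pass NTP (UDP 123) and the web ports the allowed domains need. Second, it is still a name-layer control: a client that connects to a raw IP, or brings its own DNS-over-HTTPS endpoint on 443, never consults Unbound, and blocking 853 narrows but does not close that gap. Anything the firewall itself resolves through Unbound (package repositories, pfBlockerNG feed downloads) needs its own transparent zone as well, or those lookups will be refused too.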