Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block all site except exchange online mail

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 518 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Matt911
      last edited by

      For something computer I want to block all website except exchange online
      Can you help me please?
      I tried with the alias and rules but it doesn't work

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Matt911
        last edited by Gertjan

        @matt911 said in Block all site except exchange online mail:

        except exchange online

        They, the "exchange online" service, will know the IP address they use. What about the good old 'ask them' ? We're all surprised every day what Google can tell us if asked correctly.
        Most probably there will be more then one address.
        You had your mission well defined : find them all, and add them to the alias.

        Also, think about this one : if you were a "exchange online mail" service, what will be you priorities ?
        Most probably this one will be at the top of your list : "keep the service accessible at all times".
        On the other hand, 'public' IP addresses can get DDOS, so their service are not available any-more.
        This situation can be resolved by routing DDOS IPs away from the web mail service, and add others, up until then unknown IP addresses to the DNS pool.
        This multi IP sharing also permits me (the service) to take a server off line, update or maintain it, while adding others IPs/server in place, to keep up with the load (demand).

        What I want to say is : it is hard, maybe close to impossible, to get your hands on the list of all the IP's they use. By now, you could understand that that list is somewhat 'secret'.

        Btw : Who is 'they' ? exchange == microsoft ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        M 1 Reply Last reply Reply Quote 1
        • M
          Matt911 @Gertjan
          last edited by

          @gertjan
          exchange online = microsoft
          Thanks

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by stephenw10

            See: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#exchange-online

            You can just use the json list directly in pfBlocker-ng to get a list of IPs for office365, including Exchange, and it will be auto updated. It doesn't include IPv6 yet.

            Screenshot from 2022-04-13 13-43-37.png

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.