Alias Whitelist with WireGuard
-
Hello,
I want to use WireGuard with an alias list, so I can block all traffic except what is whitelisted.
What I have found so far is that the DNS Resolver might not work with WG, so I use forwarding.
But that also doesn't help. When I allow all traffic, my cellphone can reach everything, so the DNS as well as the VPN seem to work fine.
But as soon as I activate the whitelist, it no longer allows any web access.
What I now find is that under Diagnostics the table doesn't seem correct, so I emptied it so that it can be recreated.
However, it again doesn't get all IPs and doesn't seem to update correctly.
What am I missing so far?
Thanks in advance.
Kind regards,
Ralf.
-
@RatWolf6 What exactly are you allowing? If it's a web site that has a server farm or IP addresses that change frequently, be aware pfSense will resolve the domain name every 5 minutes and the IPs at that time will be used.
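What the 5-minute snapshot described above means for an allow-only rule, as an added model that is not part of the original post and is not pfSense code. The addresses, the rotation rate and the rule that the client connects to the first record of its own lookup are constructed assumptions.

```python
# Added example: models an alias table refreshed every 300 s against a client
# doing its own lookups. All addresses and rotation rates are constructed.

REFRESH = 300  # seconds between alias re-resolutions (figure from the reply above)

# Constructed sample data: documentation-range addresses standing in for hosts.
FARM = [f"192.0.2.{n}" for n in range(1, 9)]   # name served by a rotating farm
STATIC = ["198.51.100.10"]                     # name with one stable address

def dns_answer(t, pool, per_answer, rotate_every):
    """Assumed DNS behaviour: return `per_answer` records from `pool`,
    with the window sliding one position every `rotate_every` seconds."""
    start = (t // rotate_every) % len(pool)
    return [pool[(start + i) % len(pool)] for i in range(min(per_answer, len(pool)))]

def alias_table(t, pool, per_answer, rotate_every):
    """Addresses in the firewall table at time t: the answer seen at the
    most recent refresh, not the answer a client would get right now."""
    last_refresh = (t // REFRESH) * REFRESH
    return set(dns_answer(last_refresh, pool, per_answer, rotate_every))

def simulate(pool, per_answer, rotate_every, client_times):
    """For each client connection time, return (t, ip, allowed)."""
    out = []
    for t in client_times:
        ip = dns_answer(t, pool, per_answer, rotate_every)[0]  # client uses first record
        out.append((t, ip, ip in alias_table(t, pool, per_answer, rotate_every)))
    return out

def blocked_share(results):
    """Fraction of connections the allow-only rule would drop."""
    return sum(1 for _, _, ok in results if not ok) / len(results)

if __name__ == "__main__":
    times = [30, 90, 150, 290, 310]  # constructed connection times in seconds
    for name, pool, n, rot in (("farm", FARM, 2, 60), ("static", STATIC, 1, 86400)):
        res = simulate(pool, n, rot, times)
        for t, ip, ok in res:
            print(f"{name:6} t={t:3}s {ip:14} {'pass' if ok else 'BLOCK'}")
        print(f"{name:6} blocked share: {blocked_share(res):.0%}")
```

In this model the stable name always passes, while the rotating name is dropped whenever the client's fresh lookup returns an address the last refresh did not see.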
-
@SteveITS Good to know. What I wish to do is to allow a cellphone to go only to Google and a specific website.
The last one I think doesn't change as often, but Google…
So then, I think I need to use pfBlockerNG?
But I tried that at first and couldn't make it work; that would be another thread if I don't find anything in the search.
-
@RatWolf6 Yeah I'd think google.com changes IPs quite a bit.
There are ways to bypass pfBlocker for devices. You will probably have to allow all devices except the one, I would think.
https://www.reddit.com/r/PFSENSE/comments/pbg7xv/bypass_pfblockerng_for_certain_machines/
-
@SteveITS The only thing I'm unsure about is how I could block everything and only allow special domains with it (like a Pi-hole block regex *)