Netgate Discussion Forum

    Alias Whitelist with Wireguard

      RatWolf6

      Hello,
      I want to use WireGuard with an alias list, so I can block all traffic except what is whitelisted.
      What I found so far is that the DNS Resolver might not work with WG, so I use forwarding.
      But that also doesn't help. When I allow all traffic, my cellphone has everything free, so the DNS as well as the VPN seem to work fine.
      But as soon as I activate the whitelist, it no longer allows any web access.
      What I now find is that under Diagnostics the table doesn't seem correct, so I emptied it so that it can be recreated.
      However, it again doesn't get all IPs and doesn't seem to update correctly.
      What am I missing so far?
      Thanks in advance.
      Kind regards,
      Ralf.

        SteveITS Galactic Empire @RatWolf6

        @RatWolf6 What exactly are you allowing? If it's a web site that has a server farm or IP addresses that change frequently, be aware pfSense will resolve the domain name every 5 minutes and the IPs at that time will be used.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!
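
The behaviour described in the reply above (a hostname alias only holds the IPs from its last resolution, refreshed every 5 minutes) can be checked by comparing the alias table with the addresses DNS currently hands out. This is an added example, not part of any post in the thread; the alias name `Whitelist`, the hostname and all sample addresses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. On the firewall the inputs would come from:
#   pfctl -t Whitelist -T show   (table dump; "Whitelist" is an assumed alias name)
#   host -t A www.example.com    (repeated a few times; assumes `host` is installed)

# Extract IPv4 addresses from `host -t A` output ("name has address 1.2.3.4").
addrs_from_host() {
    awk '$2 == "has" && $3 == "address" { print $4 }'
}

# Print each address in file $2 that is absent from the table dump $1, once.
missing_from_table() {
    awk '
        { gsub(/[ \t\r]/, "") }                 # pfctl indents its entries
        $0 == "" { next }                       # skip blank lines
        FILENAME == ARGV[1] { table[$0] = 1; next }
        !($0 in table) && !seen[$0]++ { print } # resolved, but not whitelisted
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges), so this runs offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf '   192.0.2.10\n   192.0.2.11\n' > "$dir/table.txt"
    addrs_from_host > "$dir/answers.txt" <<'EOF'
www.example.com has address 192.0.2.11
www.example.com has address 198.51.100.7
www.example.com has IPv6 address 2001:db8::1
www.example.com has address 198.51.100.7
EOF
    echo "resolved by clients but not in the alias table:"
    missing_from_table "$dir/table.txt" "$dir/answers.txt"
    rm -rf "$dir"
}

demo
```

Any address this prints is one a client can be given by DNS while the default-deny rule still drops it, which is the symptom of a whitelist alias lagging behind a rotating server farm.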

          RatWolf6 @SteveITS

          @SteveITS Good to know. What I wish to do is to only allow a cellphone to go to Google and a specific website.
          The last one, I think, doesn't change as often, but Google…
          So then, I think I need to use pfBlockerNG?
          But I tried that at first and couldn't make it work; that would be another thread if I don't find anything in the search.

            SteveITS Galactic Empire @RatWolf6

            @RatWolf6 Yeah I'd think google.com changes IPs quite a bit.

            There are ways to bypass pfBlocker for devices. You will probably have to allow all devices except the one, I would think.

            https://www.reddit.com/r/PFSENSE/comments/pbg7xv/bypass_pfblockerng_for_certain_machines/


              RatWolf6 @SteveITS

              @SteveITS The only thing I'm unsure about is how I could block everything and only allow special domains with it (like Pi-hole block regex *).

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.