How to blk acces to the internet?



  • Hi,

    I am not sure if  should post this here.
    I need to know how it is possible to block access to:

    1. Full internet
    2. Fulle internet, except some pages
    3. Chat programs

    Please, can you explain it in a simple way. Cause I don´t understand how to do it….

    Regards,

    Johny



  • Well, assuming that you are referring to traffic originating from your LAN segment destined outbound, you would simply create firewall rules in the LAN segment explicitly denying all traffic from your LAN IPs (or any IP) destined to any. This applies to chat programs to.

    Restricting access to only certain websites gets a bit trickier. I would create rules to deny traffic to all, and then create an allow traffic to certain IP with a higher priority than that deny rule.



  • Thx.

    So if I get it right it isn´t possible to make for every user a rule of which pages he can or can not access?

    It is that in the company almost every user can access only some sites and mostly they are different (departments sales, comercial, buying, stock,…)
    For example:
    Adminsitration: only access to the banks
    Stock: Only access to the providers
    Sales: Only access to Google, and some other sites
    etc... ...

    Thx,

    David



  • restricting websites is best done using something like Squid - you can maybe use the package in pfSense for this.

    there are some useful threads here:  http://forum.pfsense.org/index.php/board,15.0.html



  • Thx Sai,

    yes indeed about Squid. I am getting into that.
    I managed already to make a filter and add some IPs to it.

    Now my next object is to create for every user a filter.
    I have this in Squid.inc:

    acl semirestricted_hosts src "/var/squid/acl/semirestricted_hosts.acl"
    acl semirestrictedlist dstdom_regex -i "/var/squid/acl/semiwhite.acl"

    Now, should I just add two more lines to create another filter?

    Thx,

    David


Log in to reply