Block all traffic



  • Is there an easy way to simply block all traffic and only allow a few sites? Everything I see seems to do more filtering than I need.



  • Ns lookup all the sites that you want , create aliases for them , add rules to firewall to allow aliases,
    Add deny all rule at the and



  • I forgot, in 2.1 and up I think you can create aliases from URLs.
    So do as above, but with aliases referencing the sites, add rules as above…



  • @bjm3805:

    Is there an easy way to simply block all traffic and only allow a few sites?

    The short answer is yes:
    Assuming you have a default configuration with only two active interfaces… Create LAN rules to allow the sites you want and then disable the "Default allow LAN to any rule" on the LAN interface. (I highly recommend that before you do this, you ensure the anti-lockout rule is enabled at System: Advanced: Admin Access: be sure that "Disable webConfigurator anti-lockout rule" is not checked.) NOTE: I am assuming you want to block outbound from the LAN and not pfSense's outbound, which would require floating rules.

    Just for some clarification:

    Are you asking how to restrict outbound traffic? (The default for pfSense is to block all inbound traffic already and allow all outbound traffic.)

    What do you mean by "sites", IP address(es) like "192.168.1.1", or websites like "www.google.com"?
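
The allow-list approach described in the replies above, modelled as an added example (not code from the thread or from pfSense): an alias built from lookup results, LAN rules evaluated top-down with the first match winning, and a check for alias entries that have gone stale. The hostnames, addresses, the "AllowedSites" alias name and all function names are constructed for illustration.

```python
import ipaddress

# Constructed lookup results (documentation address ranges), standing in for nslookup output.
RESOLVED = {
    "intranet.example.com": ["192.0.2.10"],
    "updates.example.net": ["198.51.100.20", "198.51.100.21"],
}

def build_alias(hostnames, resolved):
    """Collect every address returned for the listed hosts into one alias."""
    return {ipaddress.ip_address(ip) for h in hostnames for ip in resolved[h]}

def evaluate(rules, dst_ip, dst_port, aliases):
    """Walk the rules top-down; the first match decides. No match means block."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        dest_ok = rule["dst"] == "any" or dst in aliases[rule["dst"]]
        port_ok = rule["ports"] == "any" or dst_port in rule["ports"]
        if dest_ok and port_ok:
            return rule["action"]
    return "block"

def missing_from_alias(alias, fresh_lookup):
    """Addresses a fresh lookup returns that a statically built alias lacks."""
    current = {ipaddress.ip_address(ip) for ips in fresh_lookup.values() for ip in ips}
    return current - alias

ALIASES = {"AllowedSites": build_alias(list(RESOLVED), RESOLVED)}

# Allow rule for the alias first, deny-all last, as the replies describe.
LAN_RULES = [
    {"action": "pass", "dst": "AllowedSites", "ports": {80, 443}},
    {"action": "block", "dst": "any", "ports": "any"},
]

# The same two rules with the deny-all on top: nothing reaches the allow rule.
MISORDERED = list(reversed(LAN_RULES))

if __name__ == "__main__":
    for ip, port in [("192.0.2.10", 443), ("192.0.2.10", 22), ("203.0.113.5", 443)]:
        print(ip, port, evaluate(LAN_RULES, ip, port, ALIASES))
    print("misordered:", evaluate(MISORDERED, "192.0.2.10", 443, ALIASES))
    # Constructed later lookup in which one site has moved to a new address.
    later = {"updates.example.net": ["198.51.100.20", "198.51.100.99"]}
    print("stale alias, missing:", missing_from_alias(ALIASES["AllowedSites"], later))
```

An alias typed in from one-off lookups keeps the old addresses when a site moves, which is what the last check surfaces.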

