OPNsense Forum

English Forums => General Discussion => Topic started by: x11xgr on May 27, 2023, 01:26:46 pm

Title: How do you authorize only certain websites and block everything else?
Post by: x11xgr on May 27, 2023, 01:26:46 pm
Hello everyone,
I'm a new user of this forum...

I need to limit the access of some client workstations to about ten websites:

- I've created an alias "Limited_Client" with 10 IP addresses (192.168.11.101 > 192.168.11.110)
- Another alias "Allowed_URL" with a dozen URLs (google.ch, google.com, eset.com, microsoft.com, etc...)
- 2 Firewall-Rules-Lan rules:
   - Allow, IN, source "Limited_Client", destination "Allowed_URL".
   - Block, IN, source "Limited_Client", destination ! LAN net (Destination/Invert)

This works for a few "normal" sites, but the response time is slow, 3 to 5 seconds!
Impossible to reach google.com and eset.com among others!

How can I "filter" client workstations limited to certain sites and leave Internet access free for other client workstations?

I hope I've been precise enough.

Thanks in advance for your advice.
Title: Re: How do you authorize only certain websites and block everything else?
Post by: bartjsmit on May 27, 2023, 04:49:20 pm
Most of your destinations are notorious for sending the client to telemetry sites which fall outside your allowed ranges.

Stop the DNS lookups at source with a blocker (Pi-Hole, AdGuard, etc.) and consider running a web proxy to give you more control over the URL filtering.

Put the limited workstations on their own VLAN to prevent them masquerading as 'normal' workstations.

Bart...
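
Added example, not part of either post above: a small audit that shows which names the limited workstations look up that an allowlist like the one in the first post does not cover, which is the gap the reply describes. The log format, the sample lines and the function names are assumptions constructed for illustration; the allowlist entries and client range are taken from the first post.

```python
import ipaddress

# Allowlist suffixes: the names the first post lists for its "Allowed_URL" alias.
ALLOWED_SUFFIXES = ("google.ch", "google.com", "eset.com", "microsoft.com")
# The "Limited_Client" range from the first post.
LIMITED_FIRST = ipaddress.ip_address("192.168.11.101")
LIMITED_LAST = ipaddress.ip_address("192.168.11.110")

# Constructed sample input; the "<client-ip> <queried-name>" format is an assumption.
SAMPLE_LOG = """\
192.168.11.101 www.google.com.
192.168.11.101 fonts.gstatic.com.
192.168.11.105 www.eset.com.
192.168.11.105 cdn.telemetry.example.net.
192.168.11.50 news.example.org.
192.168.11.105 notgoogle.com.
192.168.11.101 FONTS.GSTATIC.COM
malformed line here
"""

def is_limited(client):
    """True if client is an address inside the limited range."""
    try:
        return LIMITED_FIRST <= ipaddress.ip_address(client) <= LIMITED_LAST
    except (ValueError, TypeError):  # not an IP, or IPv6 compared with IPv4
        return False

def is_allowed(name):
    """Match on label boundaries, so notgoogle.com does not pass as google.com."""
    host = name.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def uncovered(log_text):
    """Map each non-allowlisted name to the limited clients that queried it."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not is_limited(parts[0]) or is_allowed(parts[1]):
            continue
        hits.setdefault(parts[1].rstrip(".").lower(), set()).add(parts[0])
    return {host: sorted(clients) for host, clients in hits.items()}

if __name__ == "__main__":
    for host, clients in sorted(uncovered(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(clients)}")
```

Each name it reports is a candidate to review: either a dependency the allowed sites need, or traffic to keep blocked.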
Title: Re: How do you authorize only certain websites and block everything else?
Post by: x11xgr on June 12, 2023, 12:15:10 pm
Thank you for the tips, I will try this and give feedback.

Have a nice day.

Best regards

Xavier