1
General Discussion / Re: Block all internet traffic, but allow a single domain
« on: August 29, 2022, 05:29:53 pm »
Thank you, with your help I could get it working!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
General Discussion / [SOLVED] Block all internet traffic, but allow a single domain
« on: August 29, 2022, 10:52:44 am »
Hi,
as the title implies, I am trying to block all internet access for specific devices which I have set an alias for already.
I could deduce the settings from another thread for that.
Namely it was this one, sombody might remember...
https://forum.opnsense.org/index.php?topic=6471.15
Now I want to allow this device to reach one specific domain (openstreetmaps), but I am unsure how to do that.
For now this is my LAN FW rule to block all, which is on position 1:
Action: Block
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (checked)
Destination: LAN net
followed by default LAN rules:
- position 2: Default allow LAN to any rule: allow IPv4 LAN net * *
- position 3: Default allow LAN IPv6 to any rule : allow IPv6 LAN net * *
As my understanding is so far I have to add another rule on top of my #1 (block internet) rule to allow a destination alias.
So I created an alias for domain openstreetmaps.org:
Type: URL(IPs)
Content: openstreetmap.org
And another rule to allow traffic to this URL:
Action: Pass
Disabled: (unchecked)
Quick: (checked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (unchecked)
Destination: Alias of Openstreetmaps
You can already guess it... it is not working.
Could you please help me? What am I missing?
Thank you a lot for your time!
as the title implies, I am trying to block all internet access for specific devices which I have set an alias for already.
I could deduce the settings from another thread for that.
Namely it was this one, sombody might remember...
https://forum.opnsense.org/index.php?topic=6471.15
Now I want to allow this device to reach one specific domain (openstreetmaps), but I am unsure how to do that.
For now this is my LAN FW rule to block all, which is on position 1:
Action: Block
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (checked)
Destination: LAN net
followed by default LAN rules:
- position 2: Default allow LAN to any rule: allow IPv4 LAN net * *
- position 3: Default allow LAN IPv6 to any rule : allow IPv6 LAN net * *
As my understanding is so far I have to add another rule on top of my #1 (block internet) rule to allow a destination alias.
So I created an alias for domain openstreetmaps.org:
Type: URL(IPs)
Content: openstreetmap.org
And another rule to allow traffic to this URL:
Action: Pass
Disabled: (unchecked)
Quick: (checked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (unchecked)
Destination: Alias of Openstreetmaps
You can already guess it... it is not working.
Could you please help me? What am I missing?
Thank you a lot for your time!
Pages: [1]