Topic: [SOLVED] Block all internet traffic, but allow a single domain (Read 3518 times)
walterwampe (Newbie, Posts: 2, Karma: 0)
on: August 29, 2022, 10:52:44 am
Hi,
as the title implies, I am trying to block all internet access for specific devices which I have set an alias for already.
I could deduce the settings from another thread for that.
Namely it was this one, somebody might remember...
https://forum.opnsense.org/index.php?topic=6471.15
Now I want to allow this device to reach one specific domain (openstreetmaps), but I am unsure how to do that.
For now this is my LAN FW rule to block all, which is on position 1:
Action: Block
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (checked)
Destination: LAN net
followed by default LAN rules:
- position 2: Default allow LAN to any rule: allow IPv4 LAN net * *
- position 3: Default allow LAN IPv6 to any rule : allow IPv6 LAN net * *
As I understand it so far, I have to add another rule on top of my #1 (block internet) rule to allow a destination alias.
So I created an alias for domain openstreetmaps.org:
Type: URL(IPs)
Content: openstreetmap.org
And another rule to allow traffic to this URL:
Action: Pass
Disabled: (unchecked)
Quick: (checked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: The alias of the devices in question
Destination / Invert: (unchecked)
Destination: Alias of Openstreetmaps
You can already guess it... it is not working.
Could you please help me? What am I missing?
Thank you a lot for your time!
Last Edit: August 29, 2022, 05:30:47 pm by walterwampe
Spoonman2002 (Newbie, Posts: 22, Karma: 1)
Reply #1 on: August 29, 2022, 04:32:43 pm
Put these two rules on top (above the rest):
Action: Pass
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: LAN
Destination / Invert: (unchecked)
Destination: your_DNS_server

Action: Pass
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: LAN
Destination / Invert: (unchecked)
Destination: your_streetmap_alias
Then disable the Allow any to any rule (at the bottom).
Remember, OPNsense blocks all by default.
And I use "Host(s)" in the alias config, not URL.
(When using a fully qualified domain name, the name will be resolved periodically (default is each 300 seconds). See: https://docs.opnsense.org/manual/aliases.html)
- Done.
Last Edit: August 29, 2022, 04:45:30 pm by Spoonman2002
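Added example, not part of the original posts: a small first-match model of the LAN rule list from Reply #1, next to a hypothetical ordering in which the block rule still sits above the pass rule. All addresses are constructed documentation-range samples, every rule is assumed to be a quick (first-match) rule, and the alias set stands in for whatever the firewall last resolved for the Host(s) alias.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not values from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DEVICES = {ipaddress.ip_address("192.168.1.50")}    # alias of the restricted devices
DNS_SERVER = {ipaddress.ip_address("192.168.1.1")}  # stands in for your_DNS_server
# Snapshot of the Host(s) alias as of the firewall's last periodic resolution.
STREETMAP = {ipaddress.ip_address("203.0.113.10"), ipaddress.ip_address("203.0.113.11")}

# Each rule: (label, action, source predicate, destination predicate).
PASS_DNS = ("pass DNS", "pass", lambda s: s in LAN_NET, lambda d: d in DNS_SERVER)
PASS_MAP = ("pass streetmap alias", "pass", lambda s: s in LAN_NET, lambda d: d in STREETMAP)
BLOCK_WAN = ("block devices to !LAN net", "block",
             lambda s: s in DEVICES, lambda d: d not in LAN_NET)
ALLOW_ANY = ("default allow LAN to any", "pass", lambda s: s in LAN_NET, lambda d: True)

# Ordering from Reply #1: two pass rules on top, allow-any rule disabled (omitted).
FIXED = [PASS_DNS, PASS_MAP]
# Hypothetical ordering with the block rule still first, to show why position matters.
BLOCK_FIRST = [BLOCK_WAN, PASS_MAP, ALLOW_ANY]


def evaluate(rules, src, dst):
    """Return (action, label) of the first rule matching src/dst, else default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for label, action, src_ok, dst_ok in rules:
        if src_ok(src) and dst_ok(dst):
            return action, label
    return "block", "default deny"


if __name__ == "__main__":
    cases = [("192.168.1.50", "192.168.1.1"),    # DNS lookup
             ("192.168.1.50", "203.0.113.10"),   # address in the alias snapshot
             ("192.168.1.50", "203.0.113.99"),   # address not in the snapshot
             ("192.168.1.50", "198.51.100.7")]   # any other internet host
    for name, rules in (("FIXED", FIXED), ("BLOCK_FIRST", BLOCK_FIRST)):
        for src, dst in cases:
            print(name, src, "->", dst, evaluate(rules, src, dst))
```

In this model the alias only matches addresses that were in its last resolution, and with the allow-any rule disabled every host in LAN net, not only the aliased devices, is limited to DNS and the alias.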
walterwampe (Newbie, Posts: 2, Karma: 0)
Reply #2 on: August 29, 2022, 05:29:53 pm
Thank you, with your help I could get it working!