How do you authorize only certain websites and block everything else?

Started by x11xgr, May 27, 2023, 01:26:46 PM

Hello everyone,
I'm a new user of this forum...

I need to limit the access of some client workstations to about ten websites:

- I've created an alias "Limited_Client" with 10 IP addresses (192.168.11.101 > 192.168.11.110)
- Another alias "Allowed_URL" with a dozen URLs (google.ch, google.com, eset.com, microsoft.com, etc...)
- 2 Firewall-Rules-Lan rules:
   - Allow, IN, source "Limited_Client", destination "Allowed_URL".
   - Block, IN, source "Limited_Client", destination ! LAN net (Destination/Invert)

This works for a few "normal" sites, but the response time is slow, 3 to 5 seconds!
Impossible to reach google.com and eset.com among others!

How can I "filter" client workstations limited to certain sites and leave Internet access free for other client workstations?

I hope I've been precise enough.

Thanks in advance for your advice.

Most of your destinations are notorious for sending the client to telemetry sites which fall outside your allowed ranges.

Stop the DNS lookups at source with a blocker (Pi-Hole, AdGuard, etc.) and consider running a web proxy to give you more control over the URL filtering.

Put the limited workstations on their own VLAN to prevent them masquerading as 'normal' workstations.

Bart...
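The name-based decision that a filtering proxy or DNS blocker makes for this setup, as an added example that is not part of the original posts. The function names are hypothetical, the client range and domains come from the question, and the requests in `SAMPLE_REQUESTS` are constructed.

```python
import ipaddress

# Range and domains from the question; the rest of the alias was elided ("etc...").
LIMITED_FIRST = ipaddress.ip_address("192.168.11.101")
LIMITED_LAST = ipaddress.ip_address("192.168.11.110")
ALLOWED_DOMAINS = {"google.ch", "google.com", "eset.com", "microsoft.com"}


def is_limited(client_ip: str) -> bool:
    """True if the client falls inside the restricted workstation range (IPv4)."""
    ip = ipaddress.ip_address(client_ip)
    return ip.version == 4 and LIMITED_FIRST <= ip <= LIMITED_LAST


def domain_allowed(host: str) -> bool:
    """Match the host or any parent domain, only on label boundaries.

    A plain endswith() check would let "notgoogle.com" through, so every
    suffix is compared as a whole sequence of labels instead.
    """
    labels = host.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in ALLOWED_DOMAINS for i in range(len(labels)))


def decide(client_ip: str, host: str) -> str:
    """Limited clients get the allowlist; every other client is unrestricted."""
    if not is_limited(client_ip):
        return "allow"
    return "allow" if domain_allowed(host) else "deny"


# Constructed sample requests: (client IP, requested host name).
SAMPLE_REQUESTS = [
    ("192.168.11.105", "www.google.com"),         # subdomain of an allowed site
    ("192.168.11.105", "WWW.Eset.com."),          # case and trailing dot normalised
    ("192.168.11.105", "notgoogle.com"),          # look-alike, not a subdomain
    ("192.168.11.105", "google.com.example.net"), # allowed name used as a prefix
    ("192.168.11.105", "telemetry.example.net"),  # third-party host a page pulls in
    ("192.168.11.50", "telemetry.example.net"),   # unrestricted workstation
]

if __name__ == "__main__":
    for client, host in SAMPLE_REQUESTS:
        print(f"{client:15} {host:26} {decide(client, host)}")
```

The denied third-party host is the case described in the reply above: the page on an allowed site loads, but resources it requests from other domains are refused, so those domains have to be added to the list or accepted as blocked.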

Thank you for the tips, I'll try this and give feedback.

Have a nice day.

Best regards

Xavier