Digi Transport firewall access to some sites

Hello,

Please can you give me an example of a set of firewall rules?

My goal is to allow only a few HTTP and HTTPS sites, let's say www.microsoft.com and www.digi.com.

thx

Hi, you can use this:

[dnslist]
Used to match packets containing DNS names in a given dnslist. Following dnslist, there
needs to be a name of a DNS list as specified by the #dns command.
For example, consider the following DNS list:
#dns gglist www.Digi.co.,www..co.nz
The following firewall rule blocks all DNS lookups to DNS names matching the above list:
block out break end on ppp 1 proto udp dnslist gglist from any to any port=dns

This is the other way round.

You would allow the list and block all DNS lookups:

#dns gglist .Digi.com ,.microsoft.com
pass out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
block out break end on ppp 1 proto udp from any to any port=dns

If you are only after a very few sites, you could use:

pass out break end from any to www.digi.com port=http
block break end from any to any port=http

Hope this helps.

Regards,

James

1 Like
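
An added example, not part of the posts above and not Digi's own code: a Python model of the pass-then-block DNS rule pair, showing which query names the allow list would let through. It assumes list entries are matched as case-insensitive suffixes and that "break end" stops at the first matching rule; the function names are hypothetical.

```python
import struct

# Assumption: entries copied from the "#dns gglist" line above and matched as
# case-insensitive suffixes; the firmware's exact matching is not shown here.
GGLIST = [".Digi.com", ".microsoft.com"]

def build_query(name, qid=0x1234):
    """Build a minimal DNS query payload (constructed sample, not captured traffic)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(payload):
    """Return the first question name in a DNS payload, lower-cased."""
    if len(payload) < 12:
        raise ValueError("payload shorter than the DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        if length == 0:
            return ".".join(labels).lower()
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def in_dnslist(qname, dnslist=GGLIST):
    """True when the query name ends with any list entry (hypothetical helper)."""
    return any(qname.endswith(entry.strip().lower()) for entry in dnslist)

def evaluate(payload, proto="udp", dport=53):
    """Model the two rules in order; 'break end' stops at the first match."""
    if proto != "udp" or dport != 53:
        return "no match"            # neither rule applies to this packet
    try:
        qname = parse_qname(payload)
    except ValueError:
        return "block"               # unparsable query cannot match the list
    if in_dnslist(qname):
        return "pass"                # rule 1: pass ... dnslist gglist ... port=dns
    return "block"                   # rule 2: block ... proto udp ... port=dns

if __name__ == "__main__":
    for name in ["www.digi.com", "update.microsoft.com", "digi.com",
                 "www.digi.com.example.org", "www.example.org"]:
        print(f"{name:28} {evaluate(build_query(name))}")
```

Under the suffix assumption the bare name digi.com does not match the entry .Digi.com, so check on the device whether bare domains need their own entry.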

I found out the solution.

Your answer is correct