Hello,
Can you give me a set of firewall rules to allow only a few sites?
The scenario is like this: I want to close all HTTP and HTTPS sites but allow, let's say, microsoft.com and digi.com.
Regards
Hi, you can use this:
[dnslist]
Used to match packets containing DNS names in a given dnslist. Following dnslist, there
needs to be a name of a DNS list as specified by the #dns command.
For example, consider the following DNS list:
#dns gglist www.Digi.co.,www..co.nz
The following firewall rule blocks all DNS lookups to DNS names matching the above list:
block out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
This is the other way round.
You would allow the list and block all DNS lookups:
#dns gglist .Digi.com ,.microsoft.com
pass out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
block out break end on ppp 1 proto udp from any to any port=dns
If you are only after a very few sites, you could use:
pass out break end from any to www.digi.com port=http
block break end from any to any port=http
Hope this helps.
Regards
James
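
Added example, not part of the post above and not Digi's code: a Python model of the check a dnslist rule pair like the one above performs, extracting the queried name from a UDP DNS packet and passing it only if it is on the allow list. Treating a leading-dot entry as a suffix match is an assumption about the matching semantics, and all function names and sample packets are constructed for illustration.

```python
import struct

# Allow list taken from the post's "#dns gglist" line (whitespace trimmed).
ALLOW = [".digi.com", ".microsoft.com"]

def build_query(name, qid=0x1234):
    """Build a minimal DNS A query (constructed sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the lower-cased question name of a DNS query, or None if malformed."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:  # responses and multi-question packets
        return None
    labels, pos = [], 12
    while pos < len(packet):
        length = packet[pos]
        if length == 0:  # root label ends the name
            return ".".join(labels)
        # Lengths above 63 are compression pointers or garbage; reject both.
        if length > 63 or pos + 1 + length > len(packet):
            return None
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    return None  # ran off the end without a terminating root label

def matches(name, entries):
    """Assumed semantics: '.example.com' matches the domain and any subdomain."""
    for entry in entries:
        entry = entry.strip().lower()
        if entry.startswith("."):
            if name == entry[1:] or name.endswith(entry):
                return True
        elif name == entry:
            return True
    return False

def decide(packet):
    """First rule: pass if the name is on the list. Second rule: block all other DNS."""
    name = parse_qname(packet)
    if name is not None and matches(name, ALLOW):
        return "pass"
    return "block"
```

Anchoring the suffix on the leading dot is what keeps names such as notdigi.com or digi.com.evil.example from matching, and unparseable packets fall through to the block rule.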