Firewall rule to allow sites

Hello,

Can you give me a set of firewall rules to allow only a few sites?
The scenario is like this: I want to close all HTTP and HTTPS sites but allow, let's say, microsoft.com and digi.com.

regards

Hi, you can use this:

[dnslist]
Used to match packets containing DNS names in a given dnslist. Following dnslist, there needs to be a name of a DNS list as specified by the #dns command.
For example, consider the following DNS list:
#dns gglist www.Digi.co.,www..co.nz
The following firewall rule blocks all DNS lookups to DNS names matching the above list:
block out break end on ppp 1 proto udp dnslist gglist from any to any port=dns

This is the other way round.

You would allow the list and block all DNS lookups:

#dns gglist .Digi.com ,.microsoft.com
pass out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
block out break end on ppp 1 proto udp from any to any port=dns

If you are only after a very few sites, you could use:

pass out break end from any to www.digi.com port=http
block break end from any to any port=http

Hope this helps.

regards

James
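As an added illustration (not part of James's answer, and not Digi TransPort code), here is a small Python model of the first-match evaluation that the rules above rely on. It encodes the two rule sets from the answer: the DNS pair (pass the dnslist, then block every other lookup on port 53) and the host-based pair for port 80. The suffix matching of dnslist entries such as `.digi.com`, the "first match with `break end` decides" behaviour, and the pass default for packets that match nothing are assumptions of the model, not verified device behaviour. Running it shows two things the rules alone do not: the pass rule must come before the block rule or nothing resolves, and the host-based pair only covers port 80, so an HTTPS request to an unlisted host falls through untouched.

```python
"""Toy first-match firewall evaluator (constructed example, not Digi code)."""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    """One outbound packet as seen by the toy firewall (constructed sample data)."""
    proto: str            # "udp" or "tcp"
    dst_port: int         # destination port (53 = dns, 80 = http, 443 = https)
    dst_host: str = ""    # destination name, used by the host-based rules
    qname: str = ""       # DNS question name, only meaningful for port-53 queries


@dataclass(frozen=True)
class Rule:
    """A single rule; every field left at None/empty acts as a wildcard."""
    action: str                         # "pass" or "block"
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    dnslist: Tuple[str, ...] = ()       # entries like ".digi.com" (assumed suffix match)
    dst_host: Optional[str] = None      # entry like "www.digi.com" (exact match)


def name_in_dnslist(qname: str, dnslist: Sequence[str]) -> bool:
    """Assumed semantics: an entry '.digi.com' matches digi.com and every name
    under it; matching is case-insensitive and ignores a trailing dot."""
    q = qname.lower().rstrip(".")
    for entry in dnslist:
        suffix = entry.strip().lower().lstrip(".")
        if q == suffix or q.endswith("." + suffix):
            return True
    return False


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it specifies agrees with the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.dst_host is not None and rule.dst_host.lower() != pkt.dst_host.lower():
        return False
    if rule.dnslist and not name_in_dnslist(pkt.qname, rule.dnslist):
        return False
    return True


def evaluate(rules: Sequence[Rule], pkt: Packet, default: str = "pass") -> str:
    """First matching rule wins (the 'break end' behaviour). `default` is what
    happens when nothing matches; it is an assumption of this model."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# The allowlist from the answer.
DNS_ALLOWLIST = (".digi.com", ".microsoft.com")

# The DNS rules in the order given: pass the list, then block all other lookups.
DNS_RULES = (
    Rule("pass", proto="udp", dst_port=53, dnslist=DNS_ALLOWLIST),
    Rule("block", proto="udp", dst_port=53),
)

# The same two rules reversed, to show why order matters.
DNS_RULES_REVERSED = tuple(reversed(DNS_RULES))

# The host-based pair for a very small number of sites (port 80 only).
HTTP_RULES = (
    Rule("pass", dst_host="www.digi.com", dst_port=80),
    Rule("block", dst_port=80),
)


def dns_query(name: str) -> Packet:
    return Packet("udp", 53, qname=name)


def web_request(host: str, port: int) -> Packet:
    return Packet("tcp", port, dst_host=host)


if __name__ == "__main__":
    for name in ("www.microsoft.com", "digi.com", "www.example.com"):
        print(f"DNS  {name:20} -> {evaluate(DNS_RULES, dns_query(name))}")
    print("DNS  (rules reversed) www.microsoft.com ->",
          evaluate(DNS_RULES_REVERSED, dns_query("www.microsoft.com")))
    for host, port in (("www.digi.com", 80), ("www.example.com", 80),
                       ("www.example.com", 443)):
        print(f"WEB  {host}:{port:<4} -> {evaluate(HTTP_RULES, web_request(host, port))}")
```

The last web request in the demonstration is the one to keep in mind: with only the two port-80 rules in place, a request on port 443 matches neither rule, so whatever the device does by default decides its fate.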