On 1-3-2013 22:44, Kevin Hayes wrote: > Hello, > > > > I am trying something that I thought would be fairly simple but is > turning out to be more confusing than I had hoped. > > > > We have several computers that are considered critical and I would like > to block the internet except for a short list of approved websites that > may be accessed from those desktops. What would be the easiest > suggestion on how to do this. I’ve been looking at pfBlocker and it > seems by its description to do what I need, I found where I can block > whole countries but not specific sites on specific ip addresses.
A proxy server is well suited for this purpose. Block outbound traffic and setup a transparent proxy. If that's not possible a manually configured proxy also works, the trick is to make sure they can't access 80 and 443 without going through the proxy. That's what a firewall rule on the LAN accomplishes. It's a good policy in larger corporate networks to block outbound traffic per default. You have very granular controls on what people can access through the proxy. Because it also accomplishes this for https. Regards, Seth _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
