Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Firewall rule to allow sites

0 votes
Hello,

Can you give me a set of firewall rules to allow only a few sites?
The scenario is like this: I want to close all HTTP and HTTPS sites but allow, let's say, microsoft.com and digi.com.

Regards
asked Jan 26, 2016 in Digi TransPort Cellular by iadamovic New to the Community (5 points)


1 Answer

0 votes
Hi, you can use this:

[dnslist]
Used to match packets containing DNS names in a given dnslist. Following dnslist, there
needs to be a name of a DNS list as specified by the #dns command.
For example, consider the following DNS list:
#dns gglist www.Digi.co.*,www.*.co.nz
The following firewall rule blocks all DNS lookups to DNS names matching the above list:
block out break end on ppp 1 proto udp dnslist gglist from any to any port=dns

This is the other way round.

You would allow the list and block all DNS lookups:

#dns gglist *.Digi.com,*.microsoft.com
pass out break end on ppp 1 proto udp dnslist gglist from any to any port=dns
block out break end on ppp 1 proto udp from any to any port=dns

If you are only after a very few sites, you could use:

pass out break end from any to www.digi.com port=http
block break end from any to any port=http

Hope this helps.

Regards

James
answered Jan 26, 2016 by James.Wilson Veteran of the Digi Community (1,225 points)
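
The allow-then-block DNS rule pair from the answer above, modelled in Python as an added example (not part of the original posts and not Digi code), for checking an allow list against sample names before deploying it. It assumes glob-style, case-insensitive dnslist matching and first-match evaluation for rules carrying `break end`; the function names and query names are constructed for illustration, and the device's real matcher may differ.

```python
from fnmatch import fnmatchcase

# Allow list from the answer's "#dns gglist" line, split on commas.
GGLIST = ["*.Digi.com", "*.microsoft.com"]

# The answer's two DNS rules, in order: (action, dnslist or None).
# None models a rule with no dnslist term, which matches every DNS lookup.
RULES = [("pass", GGLIST), ("block", None)]


def name_in_list(qname, patterns):
    """Assumed semantics: case-insensitive glob match over the whole name."""
    q = qname.rstrip(".").lower()
    return any(fnmatchcase(q, p.lower()) for p in patterns)


def decide(qname, rules=RULES):
    """Return the action of the first matching rule ("break end" stops there)."""
    for action, patterns in rules:
        if patterns is None or name_in_list(qname, patterns):
            return action
    return "no match"  # falls through to whatever the device does by default


# Constructed query names, chosen to probe the edges of the patterns.
SAMPLES = [
    "www.digi.com",
    "WWW.Microsoft.COM.",
    "microsoft.com",              # bare domain, no label for "*." to match
    "microsoft.com.example.net",  # allowed name used as a prefix
    "notmicrosoft.com",           # allowed name used as a suffix without a dot
    "www.example.org",
]


def evaluate(names, rules=RULES):
    """Map each query name to the action the modelled rule set takes."""
    return {name: decide(name, rules) for name in names}


if __name__ == "__main__":
    for name, action in evaluate(SAMPLES).items():
        print(f"{action:5}  {name}")
    # Rule order matters: with the block rule first, nothing reaches the pass rule.
    print(evaluate(["www.digi.com"], list(reversed(RULES))))
```

Under these assumptions the bare names microsoft.com and digi.com are not matched by the `*.` patterns, so confirm on the device whether they need their own entries in the list.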