Domain-based whitelisting (OpenWrt equivalent to pfSense functionality?)

Is there a way to block all connections except for those that match a domain-based whitelist? This isn't just for HTTP traffic, but all connections.

In pfSense I can create an "invert match" firewall rule to achieve this with a list of domains, but I'm hoping to switch to OpenWrt for ARM support. I'm not sure of the exact process pfSense uses to map domains to IPs, but it seems to work pretty well.

I use this for a VM running software I don't fully trust, and I only let it connect to a few specific destinations.

Have a look at BanIP or an Adblock package.
Adblock can work with whitelisting.

2 Likes

Preinstalled dnsmasq can also be used, but it's probably a lot easier to go with the packages suggested by @egc.

1 Like

+1 for dnsmasq. I've used this. Only in conjunction with captive portal though.

https://opennds.readthedocs.io/en/stable/walledgarden.html#openwrt-walled-garden

Thanks - BanIP was quick and easy!

2 Likes
