I use firewall->Traffic rules to completely block outgoing port 80 traffic on certain workstations. I am using the MAC address as an identifier. Now I need to whitelist a couple of domains. How do I do that? In addition, is it possible to block certain domains on those workstations regardless of ports? I can also block all traffic (web traffic on 80 and 443) and just whitelist certain domains regardless of ports if that is easier to implement.
This cannot be for the entire home subnet, just those workstations. I cannot segment using VLANs as the target workstation is sharing a folder and using a network printer.
Thanks @lleachii, I like the suggestion. The workstation is running Win10. I do not want to touch the internal network that is running fine. I would rather work with the firewall.
What is the sequence? Block first then allow (put holes) or allow first and then block the rest? I am using the GUI/LuCI interface right now. Can I block all the traffic in the traffic rules GUI for 80 and 443 and run the script to whitelist just a few?
Where does the script run? Is it a shell script? Is it in the custom rules? Can you please provide a sample to whitelist https://www.raspberrypi.org/ as an example?
I didn't say run a script to do the block, I said run a script to get the IPs of the domains you wish to block. I would advise looking at how to use Bash, iptables and nslookup.
This can be done in the GUI, but you may have to install ipset.
On the router.
EDIT: It seems easier to just create another VLAN and set up FORWARD ACCEPT to your network file server and printer. I do this all the time.
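
The approach discussed in the thread (resolve the domains to IPs on the router, keep them in an ipset, and let only the MAC-matched workstation reach them) could look like the sketch below. It is an added example, not code posted by anyone in the thread. The set name `web_allow`, the use of the `FORWARD` chain and the sample addresses are assumptions, and it only handles IPv4.

```shell
#!/bin/sh
# Added example: prints ipset/iptables commands for review; pipe them to sh.

# IPv4 answers from nslookup output on stdin. Only "Address" lines after a
# "Name:" line count; the "Server:" section describes the resolver itself.
parse_ipv4() {
    awk '/^Server:/ { seen = 0 }
         /^Name:/   { seen = 1; next }
         seen && /^Address/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; break }
         }' | sort -u
}

# Refresh the set from addresses on stdin ($1 = set name). Safe to re-run.
emit_set() {
    echo "ipset create $1 hash:ip -exist"
    echo "ipset flush $1"
    while read -r ip; do echo "ipset add $1 $ip -exist"; done
}

# One-time rules ($1 = workstation MAC, $2 = set name). ACCEPT is inserted
# ahead of REJECT because iptables stops at the first matching rule.
emit_rules() {
    match="-m mac --mac-source $1 -p tcp -m multiport --dports 80,443"
    echo "iptables -I FORWARD 1 $match -m set --match-set $2 dst -j ACCEPT"
    echo "iptables -I FORWARD 2 $match -j REJECT"
}

# Constructed nslookup output (documentation addresses, not real answers).
sample_lookup() {
    cat <<'EOF'
Server:    127.0.0.1
Address:   127.0.0.1#53

Name:      www.raspberrypi.org
Address 1: 192.0.2.10
Address 2: 198.51.100.7
Address 3: 2001:db8::1
EOF
}

# On the router: sh this-script <MAC> <domain>...
if [ $# -ge 2 ]; then
    mac=$1; shift
    for d in "$@"; do nslookup "$d"; done | parse_ipv4 | emit_set web_allow
    emit_rules "$mac" web_allow
fi
```

DNS answers change over time, so the `emit_set` part needs to be re-run periodically (for example from cron), while the two iptables rules are added only once.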