# most effective internet whitelist



## triumdh (Jun 26, 2010)

I have tried using pf for restricting certain IP addresses from accessing certain websites with the following.


```
pass in on $ext_if proto tcp from <whitelist> port {80, 443} to any keep state
block drop in quick on $ext_if proto tcp from any port {80, 443} to <whitelistclients>
pass in quick on $ext_if proto tcp from any to any port {80, 443}
```

I am running squid transparent and nat and get inconsistent results. Sometimes it works, other times it seems to let all traffic through. Some browsers will work and others block sites that are in the whitelist. I reset the whitelist table every hour with a cron job but I have seen issues with websites that always have the same IP address.

This has made me question whether I am using the right tool for the job. Would it be more efficient using squid or should I do more research on pf?

Thanks in advance.


----------



## dennylin93 (Jun 27, 2010)

Have you tried logging to check out what's wrong?


----------



## triumdh (Jun 27, 2010)

This was more of a question about the most effective way of achieving this: pf or squid. Within the logs, when traffic gets through when it shouldn't, it shows the website as established:established. It is almost like the state wasn't flushed when I load the rules. Also, at one point when one of the IP addresses in the whitelist didn't resolve, neither of the tables was loaded, blocking all traffic to the whitelist clients.


----------
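
An added example, not part of any post in this thread: a cron-side script for the two failure modes described in the last post (a whitelist name that fails to resolve, and states that survive a reload). It resolves names outside pf, skips failures, replaces the `<whitelist>` table, and kills states for `<whitelistclients>`; the file path, the function names and the use of `getent` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Table names <whitelist> and
# <whitelistclients> come from the posted rules; paths and function names are assumed.

# Print the addresses the system resolver returns for one name (getent assumed).
resolve_host() {
    getent hosts "$1" | awk '{ print $1 }'
}

# build_table RESOLVER OUTFILE NAME...
# Writes one IPv4 address per line (other output is filtered out). Unresolved
# names are skipped, and the previous OUTFILE is kept if nothing resolves.
# Returns 0 when OUTFILE was written, 2 otherwise.
build_table() {
    resolver=$1 out=$2
    shift 2
    tmp="$out.tmp.$$"
    : > "$tmp"
    for name in "$@"; do
        addrs=$("$resolver" "$name" 2>/dev/null |
            grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true)
        if [ -z "$addrs" ]; then
            echo "whitelist: skipping unresolved name: $name" >&2
            continue
        fi
        printf '%s\n' "$addrs" >> "$tmp"
    done
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 2
    fi
    sort -u -o "$tmp" "$tmp"
    mv "$tmp" "$out"      # rename, so pfctl never reads a half-written file
}

# Swap the table contents, then drop states created under the old contents:
# an established state keeps passing packets without rule evaluation.
apply_table() {
    pfctl -t whitelist -T replace -f "$1" || return 1
    for client in $(pfctl -t whitelistclients -T show); do
        pfctl -k "$client"                # states originating from the client
        pfctl -k 0.0.0.0/0 -k "$client"   # states towards the client
    done
}

# Cron usage: sh whitelist.sh --apply /etc/pf.whitelist www.example.org ...
if [ "${1:-}" = "--apply" ]; then
    file=$2
    shift 2
    build_table resolve_host "$file" "$@" && apply_table "$file"
fi
```
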

