I have 8 machines at a client site that we need to block Internet access on [standard Windows network, Active Directory using the GC server for DNS - this is important because I can't use something like OpenDNS to accomplish what I want].
They are all on DHCP reservations so I have them in an alias on pfSense and my simple answer was to block outbound tcp/80 and tcp/443 with that alias as the source.
Unfortunately, we use Splashtop for remote access. According to Splashtop's KB article they use odd/high ports to talk to their server but when I couldn't get that to work I submitted a ticket to them. Come to find out, they only use those ports locally [not sure who/when that would be used] and use tcp/443 for standard remote access.
They provided me the hosts it talks to [st2-relay.api.splashtop.com, st2.api.splashtop.com and *.relay.splashtop.com]. Unfortunately I have no way to use the wildcard in an alias since they can't/won't give me any of the hostnames that the wildcard applies to.
Does anyone have any idea on how I can block all access with the exception of the 3 hosts I need access to with one of them being a useless wildcard? :] I couldn't come up with anything but was hoping the hivemind could suggest something.