Suggestions on home pfsense appliance that will handle porn blocking
-
Hello!
New pfsense user here. Have the Netgate 1100. My question is this.
Does this not have enough RAM to run porn TLD lists? I see that only having 1 GB of RAM is not sufficient.
Thanks for any suggestions. I am more than willing to step up to a 2100 or 4100. I also like to do some home labbing/tests as well and will probably set myself up with a remote access VPN to access my home network from remote locations as needed.
Thanks!
Dan -
@danno91 said in Suggestions on home pfsense appliance that will handle porn blocking:
4100
Make that 4100 and opt for a 5100 or 'better'.
I use a "4100 MAX", and when I activated :
this one and only list (a small subset of the total available porn offer) with 1,4 million domain names, which takes time to download (server side limited) and many minutes of parsing time, while doing so eats half of all memory (4 G) and now my 4100 starts to make use of the swap space which is never a good sign - go to the memory usage stats.
'porn' is like 'cigarettes' and 'alcohol'. The latter was even forbidden for a while in the States (just think about it) : things become x times worse overnight.
For me it's not an issue anymore, although I have a 14 year old at home. Just show the good examples, and you did your part of the deal.
All very IMHO of course.
I bought my 4100 with just two criteria in mind : power usage - and 1 Gbits / sec handling on all 4 (minimal) ports.
I could buy a smaller router but that would mean the arm processor used would be way smaller than the one in my iPhone ..... that just doesn't seem right ;) -
Thank you sir. I will keep that in mind. I am leaning toward a more powerful unit. Thank you again for your thoughts. That is helpful.
-
There are probably better porn lists out there than utilizing UT1.
Steven’s blacklist for example. -
I have this though it doesn't say anything about blocking porn. It says 'ADs_Basic - Steven Black - StevenBlack_ADs'
-
@danno91 you will need to add the blocklist to pfblocker
-
@danno91 The mentioned UT1 list is big, and just to add to @Gertjan's warning, the smaller not-Max Netgate devices use eMMC storage, not an SSD. If you were going to update a very large list frequently, I'd consider an SSD so you don't wear out the eMMC.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html
https://www.netgate.com/supported-pfsense-plus-packages
Another option with no RAM or disk use is to forward DNS to CloudFlare or another provider, e.g. 1.1.1.3:
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Here is a PDF on how to block DNS over HTTP in pfSense so users can't get around the blocks:
https://github.com/jpgpi250/piholemanual#doh -
Interesting. I have what I believe is Steven's blacklist, though it doesn't block.
-
For a list to show blocked packets, your devices have to visit host names present in the list.
And your devices used on the pfSense LAN have to use pfSense as their DNS.