Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    url blocking depending on client IP

    Scheduled Pinned Locked Moved
    Firewalling
    3
    5
    149
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Mr_JinXM
      Mr_JinX
      last edited by

      Hi,

      As squid looks to be deprecated in future packages is there any suitable replacement?

      In short, im looking for the ability to filter requests one method is to block social media and enforce safesearch while the other method does not, I'm using pfsense and squid to achieve this, is there a better method?

      what are your thoughts? any ideas?

      M S 2 Replies Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @Mr_JinX
        last edited by

        @Mr_JinX
        For my home, ive been using nxfilter. I don't understand why this isn't talked about more especially in the SOHO or Homelab space.
        Get a linux box. Load up nxfilter. Now you can do domain blocking based on categories and be specific to client-IP.
        This task shouldn't be done by the firewall anyway.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        Mr_JinXM 1 Reply Last reply Reply Quote 0
        • Mr_JinXM
          Mr_JinX @michmoor
          last edited by

          @michmoor

          It looks really good, my only concern is it's bassed in Korea, and remember if it's free you are the product.

          M 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @Mr_JinX
            last edited by

            @Mr_JinX pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL.

            Another idea might be to do something like port forward port 53 to a “family” DNS service based on IP.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @Mr_JinX
              last edited by

              @Mr_JinX I agree with the possible security problems but i haven't found much negative information on it. Also they won me over because the dev worked on a few of my issues that were not working. So NXFilter has a built in net-flow collector. It wasn't working as i thought and they worked with me on fixing it.
              Its in the back of my mind of course that this app hasn't been vetted by anyone(as far as i know) but...so far....works as advertised.
              It has an updated categorization system, builtin netflow collector, and reporting (which isn't great). Fills the home requirement.

              The issue i have with the suggestion of external DNS services is that you cant track who is visiting what site as all source IP information will come from your WAN.

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              1 Reply Last reply Reply Quote 0
              • First post
                Last post