Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense: Ease of non misuse?

    Off-Topic & Non-Support Discussion
    2
    2
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jago25_98
      last edited by

      Is there anything we can do to make sure people are using pfSense in the right way?

      Here are some examples:

      • administrator blocks .exe's and .com extensions to prevent users from downloading anything and getting virii. Perhaps there is a better way?
      • administrator of an oil company blocks anything with the word rape in it, preventing reading anything about Rape Seed Oil
      • administrator blocks a rival company website, preventing employees from studying and learning from it

      There are infinite more examples.

      The engineer response is that the problem is the user, not the tool. While this is true, it discards the full picture. How to use the tool is essential.
      It's a great opportunity to address the problem around the tool. That's why I tape manuals to my TV, speaker specs to the speakers - it's the best place for it.

      What can we do to help educate administrators? What can we do to help them achieve their goal precisely?

      Let's say I opt to block all .exe's .com extensions. How's about a notifier suggesting something else - like how to scan such filetypes.

      Filtering is coming to ISPs. I am in an environment where my internet is already heavily filtered and I cannot opt out. I am literally monitored 24/7. While we cannot address deliberate blocking, perhaps we can cut down on laziness and mistakes.

      Comments, advise, suggestions?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        In this case, the power of the system is in its infinite configurability. I would venture to say there is really no "right" or "wrong" way to use pfSense.

        There is also no way for pfSense to know what your real intent is, especially when it comes to configuring packages (which is mainly what you're talking about, squid, squidguard, etc). I don't know about you, but to me what you're suggesting sounds a lot like "Clippy" of Microsoft Office infamy. It shouldn't really be pfSense's place to second guess what an administrator is trying to do, since that is really up to the administrator.

        The kinds of things you discuss are, as you hint at, things for the manual or book. There is a book in the works, and there is a lot of documentation on the Doc Wiki. Alternate scenarios and suggestions for better ways to accomplish a given task are wonderful to have there. That said, I wouldn't want them in the WebGUI trying to alter my behavior.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post