Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    *NOOB* Configure Squid for Blacklisting Everything

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hupernika0
      last edited by

      Hello,

      To start, I just installed pfsense to play and test with and am completely hopeless.

      My end goal for now is to build a router for a guest wifi at my church.

      As far as a proxy, I want to start by blacklisting the whole world, but create a short whitelist of approved websites.

      I can hopefully then replicate this configuration to a school lab router for the same idea for student web access.

      1st is this possible? 2nd can you help me?

      Josh

      1 Reply Last reply Reply Quote 0
      • S
        Supermule Banned
        last edited by

        Why do you want to blacklist everything??

        1 Reply Last reply Reply Quote 0
        • H
          hupernika0
          last edited by

          For the school, I want to blacklist everything and have a short whitelist so that students can't go surfing anywhere that hasn't been pre-approved.

          For the guest wifi, the Pastor wants to just try out a guest wifi and see how it will work out, but he is justifiably afraid of it coming back and and biting him. So he'd like to start with the short whitelist.

          1 Reply Last reply Reply Quote 0
          • M
            Mr. Jingles
            last edited by

            This for sure is possible although I don't run Squid anymore so don't recall how I did it.

            I'd suggest you simply install the package and look around in the GUI: there are options for white listing and black listing.

            An alternative might be to not even use Squid, but simply use a LAN-rule:

            • Rule1: allow out to the alias in which you captured the allowed sites;

            • Rule2: block all else.

            That is perhaps even easier than setting up and maintaining Squid for this.

            6 and a half billion people know that they are stupid, agressive, lower life forms.

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              You can do this with squid and squidGuard.  Block everything other than what you exempt.

              1 Reply Last reply Reply Quote 0
              • S
                Supermule Banned
                last edited by

                Dont go there.

                They have 3G/4G on the phone and doesnt have to use your wifi.

                Thereby having no control of the students. It doesnt have any effect.

                Instead of shutting everything down, open it up and log the traffic. Much better using captive portal.

                @hupernika0:

                For the school, I want to blacklist everything and have a short whitelist so that students can't go surfing anywhere that hasn't been pre-approved.

                For the guest wifi, the Pastor wants to just try out a guest wifi and see how it will work out, but he is justifiably afraid of it coming back and and biting him. So he'd like to start with the short whitelist.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.