Question about Firewall rules
-
There is no iptables on FreeBSD. Wrong forum, dude.
-
you could probably accomplish this with squid using URL lists.
-
PF is a strict layer 3 packet filter and that means that it won't look inside the data payload on the packets no matter what you do. As noted you'll need a proxy of some sort to accomplish layer 7 filtering on pfSense.
-
Also with Snort you can do something like this.
For example https://forum.pfsense.org/index.php?topic=84227.0
-
> There is no iptables on FreeBSD. Wrong forum, dude.
Thanks for answer dude.
I'll quote
Hi everyone! I have an iptables script (yes, I know pfSense doesn't use iptables), but I think it's a clever script.
This script was on a Debian server with Squid in transparent mode, and was for blocking HTTPS (443) connections for domains like youtube.com without blocking the google.com domain. Both domains use the same IP address.
My question is: is it possible to achieve something like these firewall rules on pfSense?
:-)
-
> Also with Snort you can do something like this.
> For example https://forum.pfsense.org/index.php?topic=84227.0
Looks very interesting!! I'll try to make some tests on VirtualBox.
Thanks a lot
-
> you could probably accomplish this with squid using URL lists.
Thanks for your answer, the problem is HTTPS sites over transparent Squid.
-
@kpa:
> PF is a strict layer 3 packet filter and that means that it won't look inside the data payload on the packets no matter what you do. As noted you'll need a proxy of some sort to accomplish layer 7 filtering on pfSense.
Thanks for your answer
-
> you could probably accomplish this with squid using URL lists.
> Thanks for your answer, the problem is HTTPS sites over transparent Squid.
Squid can handle HTTPS sites, just not transparently IIRC. You'll have to load the cert on each computer passing through the proxy at that point.
HOWEVER, an IP alias in pfSense "Firewall->Alias->IP->Add->Type: URL (IPs)" can accept hostnames and domain names. If your goal is to just block access to these sites, you can create an alias, add all the websites/domains in there you want, and create a deny rule when user traffic is destined to them. This is accomplished by pfSense periodically doing an nslookup on anything in that list, and adding every IP it receives in response to its list.
This would effectively stop HTTP and HTTPS, as well as any traffic to the destined hosts.
-
> Squid can handle HTTPS sites, just not transparently IIRC. You'll have to load the cert on each computer passing through the proxy at that point.
> HOWEVER, an IP alias in pfSense "Firewall->Alias->IP->Add->Type: URL (IPs)" can accept hostnames and domain names. If your goal is to just block access to these sites, you can create an alias, add all the websites/domains in there you want, and create a deny rule when user traffic is destined to them. This is accomplished by pfSense periodically doing an nslookup on anything in that list, and adding every IP it receives in response to its list.
> This would effectively stop HTTP and HTTPS, as well as any traffic to the destined hosts.
I'll try this, thank you
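The hostname alias approach described above resolves names to addresses and blocks the addresses, so it is worth checking what that does when a blocked domain shares IPs with one you want to keep, which is exactly the original poster's situation. The Python below is an added example, not pfSense code: it models the alias build with a stub resolver (the DNS answers are constructed from documentation ranges), evaluates a destination against the resulting table, and reports which allowed domains would be caught as collateral. The `render_pf_rules` output mimics pf table syntax for illustration only; pfSense generates its own rules.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Set

IPAddr = ipaddress.IPv4Address

# Constructed DNS answers (RFC 5737 documentation ranges) standing in for the
# periodic lookups pfSense performs for a URL (IPs) alias. youtube.com and
# google.com deliberately share 203.0.113.10, as in the thread's scenario.
FAKE_DNS: Dict[str, Set[str]] = {
    "youtube.com":     {"203.0.113.10", "203.0.113.11"},
    "www.youtube.com": {"203.0.113.10"},
    "google.com":      {"203.0.113.10", "198.51.100.5"},
    "example.org":     {"192.0.2.44"},
}


def stub_resolve(name: str) -> Set[str]:
    """Stand-in resolver; a real deployment would query DNS here."""
    return set(FAKE_DNS.get(name.lower(), set()))


def build_alias(domains: Iterable[str],
                resolver: Callable[[str], Set[str]] = stub_resolve) -> Set[IPAddr]:
    """Expand a list of hostnames into the set of addresses the alias will contain,
    the way the alias refresh adds every answer it receives."""
    table: Set[IPAddr] = set()
    for domain in domains:
        table |= {ipaddress.ip_address(a) for a in resolver(domain)}
    return table


def alias_blocks(dst_ip: str, table: Set[IPAddr]) -> bool:
    """A deny rule keyed on the alias matches on destination address alone."""
    return ipaddress.ip_address(dst_ip) in table


def collateral(table: Set[IPAddr], allowed_domains: Iterable[str],
               resolver: Callable[[str], Set[str]] = stub_resolve) -> Dict[str, List[str]]:
    """Report allowed domains whose addresses overlap the block table; traffic to
    those addresses is denied regardless of which hostname the user asked for."""
    hits: Dict[str, List[str]] = {}
    for domain in allowed_domains:
        shared = {ipaddress.ip_address(a) for a in resolver(domain)} & table
        if shared:
            hits[domain] = sorted(str(a) for a in shared)
    return hits


def render_pf_rules(alias_name: str, table: Set[IPAddr], lan_if: str = "lan") -> str:
    """Illustrative pf-style table and deny rule for the expanded alias."""
    members = " ".join(str(a) for a in sorted(table))
    return (f"table <{alias_name}> {{ {members} }}\n"
            f"block drop quick on {lan_if} from any to <{alias_name}>")


if __name__ == "__main__":
    block_table = build_alias(["youtube.com", "www.youtube.com"])
    print(render_pf_rules("blocked_sites", block_table))
    print("google.com front-end 203.0.113.10 blocked:", alias_blocks("203.0.113.10", block_table))
    print("collateral:", collateral(block_table, ["google.com", "example.org"]))
```

With the constructed answers, `collateral(...)` reports `{"google.com": ["203.0.113.10"]}`: the alias rule blocks HTTPS to youtube.com, but it also blocks google.com on the shared address, which is the trade-off the original iptables script was avoiding. A second caveat is that the table only ever contains the addresses returned at refresh time, so a large site that rotates addresses will be partly unblocked between refreshes.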