Netgate Discussion Forum

    I need to block all sites and allow just a few

    General pfSense Questions
    10 Posts 5 Posters 703 Views
      candinho

      Hi, I'm new to Linux and I've set up a pfSense box with Squid and SquidGuard. I need a transparent proxy because I can't access every machine on the network and set a cert and anything else, for 2 reasons: 1) too many PCs; 2) there's a Sony streamer that I can't configure an IP or cert on, so it only works with DHCP (ask Sony why).
      The initial allowed sites are:
      Any .gov site
      any tjrs or tj
      google
      facebook
      youtube, to just one machine (the streamer)

        NogBadTheBad

        Have a look at pfBlockerNG, not sure if it can allow *.gov, etc. … and then reject anything else

        https://forum.pfsense.org/index.php?topic=102470.0

        I don't use it myself, but it's what I'd be looking at if I needed to.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          KOM

          pfBlocker might be too heavy for just a URL filter.  Squid + SquidGuard could do it.

            jahonix

            @candinho:

            Hi, I'm new to Linux and I've set up a pfSense box…

            Just to get you disillusioned from the beginning: pfSense is based on FreeBSD which is NOT Linux.
            So with pfSense you are new to FreeBSD.  ;)

              candinho

              @jahonix:

              @candinho:

              Hi, I'm new to Linux and I've set up a pfSense box…

              Just to get you disillusioned from the beginning: pfSense is based on FreeBSD which is NOT Linux.
              So with pfSense you are new to FreeBSD.  ;)

              Both are UNIX anyway xD

                candinho

                @KOM:

                pfBlocker might be too heavy for just a URL filter.  Squid + SquidGuard could do it.

                Squid can't block HTTPS, and SquidGuard needs to name every single domain in the world to block, and that is way too much even if I knew all domains. I've tried cheating it by blocking a single "." as any domain in the world will have a ".", but it blocks everything, even whitelisted sites, or I don't know how to use it.

                  Grimson Banned

                  @candinho:

                  Both are UNIX anyway xD

                  Nope. Only UNIX-like, not real UNIX.

                    KOM

                    Squid can't block HTTPS

                    That's news to me.  It seems to work just fine for me and others.

                    SquidGuard needs to name every single domain in the world to block

                    What are you talking about???  Just set the default ACL to block all and then put allowed URLs in the whitelist.

                      candinho

                      @KOM:

                      Squid can't block HTTPS

                      That's news to me.  It seems to work just fine for me and others.

                      SquidGuard needs to name every single domain in the world to block

                      What are you talking about???  Just set the default ACL to block all and then put allowed URLs in the whitelist.

                      Squid can't filter HTTPS, that is because of SSL, and the reason for the SSL interception option in the Squid conf, but it doesn't work (because of certificate issues).
                      BTW, Squid can block HTTPS in non-transparent proxy mode, which is silly because anyone with a brain can bypass it in non-transparent mode.
                      SquidGuard's block-all option does what it says: it blocks everything, even whitelisted sites. I just tested it,
                      as it reads block then allow and not allow then block, or there's an option to change which direction it gets first (block/allow; allow/block)

                        KOM

                        Squid can't filter HTTPS, that is because of SSL, and the reason for the SSL interception option in the Squid conf, but it doesn't work (because of certificate issues).

                        Nonsense.  It sounds like you don't have it configured properly.

                        BTW, Squid can block HTTPS in non-transparent proxy mode, which is silly because anyone with a brain can bypass it in non-transparent mode.

                        It never occurred to you to block 80,443 tcp on LAN?

                        SquidGuard's block-all option does what it says: it blocks everything, even whitelisted sites. I just tested it

                        I'm pretty sure you can and you're doing it wrong.

                        as it reads block then allow and not allow then block, or there's an option to change which direction it gets first (block/allow; allow/block)

                        Sorry, what?  I don't understand what you're trying to say.

                        Watch this:

                        https://www.youtube.com/watch?v=xm_wEezrWf4
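
Added example, not part of any post in this thread: a small Python model of how a squidGuard `pass` line is evaluated left to right with the first matching target deciding, which is the "allow then block" ordering question raised above. The list names, the domains, the client IPs and the fail-closed fallback are constructed for illustration and are not taken from anyone's configuration.

```python
"""Model of squidGuard-style left-to-right 'pass' evaluation (added example)."""

# Constructed destination lists; names and domains are illustrative only.
DESTS = {
    "whitelist": {"gov", "tjrs.example", "google.com", "facebook.com"},
    "youtube": {"youtube.com"},
}

def in_dest(host, dest):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notgoogle.com" does not match "google.com".
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return bool(suffixes & DESTS[dest])

def decide(host, pass_rule):
    """Walk the pass tokens in order; the first token that matches decides."""
    for token in pass_rule.split():
        if token == "all":
            return "allow"
        if token == "none":
            return "block"
        negate = token.startswith("!")
        if in_dest(host, token.lstrip("!")):
            return "block" if negate else "allow"
    return "block"  # nothing matched: this model fails closed (assumption)

# Per-source rules (constructed IPs): only the streamer also gets YouTube.
ACL = {
    "192.0.2.50": "whitelist youtube none",
    "default": "whitelist none",
}

def check(client_ip, host):
    """Pick the rule for the client, falling back to the default ACL."""
    return decide(host, ACL.get(client_ip, ACL["default"]))

if __name__ == "__main__":
    samples = [("192.0.2.10", "www.google.com"),
               ("192.0.2.10", "www.youtube.com"),
               ("192.0.2.50", "www.youtube.com"),
               ("192.0.2.10", "portal.saude.gov"),
               ("192.0.2.10", "notgoogle.com")]
    for ip, host in samples:
        print(f"{ip:12} {host:20} {check(ip, host)}")
    # Same lists with the deny token first: the whitelist is never reached.
    print("none whitelist ->", decide("www.google.com", "none whitelist"))
```

With the whitelist ahead of `none`, listed sites pass and everything else is denied; with `none` first, even whitelisted hosts are blocked, so the order of targets on the line is what to check when a default-deny policy blocks everything.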

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.