Is this possible? A web filter triggering some other stuff
-
I don't get it
Maybe lack of sleep and/or sugar
A blacklist is a blacklist. (porn)
If u want a client not to get in touch with the whole blacklist you have to bypass it
I'm thinking someone is trying to bypass pfB by ip (client)
If u do it by VPN don't enable pfB on that interface
Hope I got it all right
-
I'm not sure how you could route traffic to the VPN gateway using pfBlocker. For small sites with a single IP or a few IPs you might be able to use it to create an alias but for anything using a CDN it would be patchy at best.
Steve
-
Hello kind gentlemens,
I'll try to explain better:
There are certain areas of the interwebs that are better surfed with external VPN service. I want to automate this behaviour, and the discrimination would be a list of websites based on a webfilter.
Hope this clarifies better.
My best and cheerful regards.
-
I'm thinking it would just be easier to use 2 computers - 1 to always connect to the internet thru a VPN to surf to "certain areas of the interwebs" and another computer to use to NOT do any of that kind of stuff. Easy... got an extra computer?
:)
Jeff
-
I still don't get it.
but to be pragmatic
- enable a website filter DNS based like pfBlockerNG
- use a custom information page when a site is blocked
- customize this page as u like (send mail ---> put site on a whitelist after the next reload whatever)
- configure a bypass for sites you want to reach only via VPN
- configure that bypass to get routed through the VPN gateway
nice project have fun ! /me out
-
@noplan said in Is this possible? A web filter triggering some other stuff:
configure a bypass for sites you want to reach only via VPN
That's the difficult bit. In Squid you can match the URL against an ACL and use a different outbound interface.
In pfBlocker, if you use DNS-BL, there is no alias to use in a policy routing firewall rule. If you use the fqdn directly in an alias it will catch, if you're lucky, some of the traffic for almost all sites you might want to match like Netflix for example.
You can only use an alias pulled from a list that hopes to contain all IPs for that site. You can pull that via AS number for example but that relies on the AS being up to date which they often are not.
Steve
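
The Squid approach mentioned in the post above, sketched as an added example that is not part of the original thread. The ACL name, domains and addresses are placeholders; it assumes clients use Squid as an explicit proxy (so the hostname is visible in the request or CONNECT line) and that the OS or firewall policy-routes packets sourced from the VPN-side address out through the VPN gateway.

```conf
# Constructed squid.conf fragment: names, domains and addresses are placeholders.

# Destinations that should leave through the VPN. A leading dot matches
# the domain and all of its subdomains, so CDN-hosted hostnames under the
# same domain are covered without knowing their IP addresses.
acl via_vpn dstdomain .example.com .example.net

# Requests matching the ACL are sent from the address bound to the VPN
# interface (192.0.2.10 is a documentation placeholder).
tcp_outgoing_address 192.0.2.10 via_vpn

# No ACL on this line: every other request uses the normal WAN-side
# address (198.51.100.10 is a documentation placeholder).
tcp_outgoing_address 198.51.100.10
```

Squid only selects the source address here; the traffic takes the VPN path only if routing for that source address points at the VPN gateway.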
-
Isn't there a post around here pretty new about bypassing pfB for a specific IP
If that works that should do the trick
The other thing that no one told us
What's the mission of pfB in this case
blocking porn?
-
Like by-passing DNS-BL? Or by-passing the firewall rules?
Either is possible. Neither will route traffic to a different gateway based on URL.
Creating aliases by AS number is the only way I've seen that get close. That can work well for blocking since if you block 90% of Facebook the remaining 10% isn't much use. But for passing and/or routing it's less effective since 10% missing does not make for a good experience!
Steve
-
not gettin deeper into by-passin DNSBL i thought this is what he @BlueStarry was askin for combined with a custom blocked website information page and tipped with a VPN routing i personally dont understand what for
you are right routing based on a url ..... ;)
and yeah content filtering is pretty annoying job if you are not above 128 GB RAM for the filters only ;)
-
Yeah this is not a road I would ever choose to go down!