pfSense sequence of execution



  • How does pfSense execute the config if there is squidguard?

    -squidguard then firewall rules

    OR

    -firewall rules then squidguard



  • They're not really related, but if you don't have a firewall rule to allow access from LAN (which is there by default unless you have changed it) then squidguard isn't going to do much for you.  What is the actual issue you're dealing with?



  • Traffic that enters the system via an interface always goes to the packet filter/address rewriting first. Any proxy or similar service is then fed from the "feed" that comes in through the interface, usually with an rdr rule that redirects any traffic to a particular listening port.



  • Say I have used pfBlocker to enumerate all the ASNs of Google and allow them in the rules, but I should block youtube.com, chrome.google.com/ and some Google parts, and doing that part in target rules under squidguard just doesn't work for me… I just did it in DNS resolver.



  • By default, pfBlocker won't be able to block Squid from anything. FreeBSD blocks incoming states from being created; that is how it blocks traffic. Squid runs directly on pfSense, which means there is never an incoming state because the state is going to Squid, not YouTube. What you need is a firewall rule that blocks outgoing states or a rule in Squid that blocks those DNS entries.



  • I've used pfBlocker to resolve all the Google ASN numbers via whois and used it in the rules to allow these ASN destinations… not to block...
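
The ordering the replies above describe (address rewriting first, then filtering, then the proxy opening its own outbound connection), as an added pf.conf-style sketch that is not from the thread and is not pfSense's generated ruleset. Interface names, the table name and its contents, and the use of Squid's default port 3128 are assumptions.

```pf
# Constructed example: interface names, table contents and port are assumptions.
lan_if     = "em1"
wan_if     = "em0"
proxy_port = "3128"          # Squid's default listening port

# Placeholder destinations (documentation range) standing in for a
# list of networks that clients must not reach.
table <blocked_dst> persist { 192.0.2.0/24 }

# 1. Translation runs before filtering: HTTP arriving on LAN is
#    rewritten so that its destination becomes the local proxy.
rdr on $lan_if inet proto tcp from $lan_if:network to any port 80 \
    -> 127.0.0.1 port $proxy_port

block log all                # default deny

# 2. An inbound block on LAN only sees traffic that was NOT redirected.
#    Redirected HTTP no longer has <blocked_dst> as its destination,
#    so this rule never matches it.
block in quick on $lan_if inet from any to <blocked_dst>

# 3. Redirected traffic is filtered with its rewritten destination.
pass in quick on $lan_if inet proto tcp \
    from $lan_if:network to 127.0.0.1 port $proxy_port keep state

# 4. The proxy's own connection originates on the firewall, so it is
#    evaluated outbound on WAN. This is where an IP-based block of
#    proxied traffic has to sit.
block out quick on $wan_if inet from any to <blocked_dst>
pass out on $wan_if inet proto tcp from ($wan_if) to any \
    port { 80, 443 } keep state
```

Loading a copy with `pfctl -nf <file>` parses the rules without applying them, which is a quick way to check the syntax before adapting it.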

