I need to block all sites and allow just a few



  • Hi, I'm new to Linux and I've set up a pfSense box with Squid and SquidGuard. I need a transparent proxy because I can't access every machine on the network and set the cert and anything else, for 2 reasons: 1st, too many PCs; 2nd, there's a Sony streamer that I can't configure an IP or cert on, so it only works with DHCP (ask Sony why).
    The initial allowed sites are:
    Any .gov site
    any tjrs or tj
    google
    facebook
    youtube to just one machine, the streamer


  • Galactic Empire

    Have a look at pfBlockerNG, not sure if allow *.gov, etc … and then reject anything else

    https://forum.pfsense.org/index.php?topic=102470.0

    I don't use it myself, but it's what I'd be looking at if I needed to.



  • pfBlocker might be too heavy for just a URL filter. Squid + squidguard could do it.



  • @candinho:

    Hi, I'm new to Linux and I've set up a pfSense box…

    Just to get you disillusioned from the beginning: pfSense is based on FreeBSD which is NOT Linux.
    So with pfSense you are new to FreeBSD.  ;)



  • @jahonix:

    @candinho:

    Hi, I'm new to Linux and I've set up a pfSense box…

    Just to get you disillusioned from the beginning: pfSense is based on FreeBSD which is NOT Linux.
    So with pfSense you are new to FreeBSD.  ;)

    Both are UNIX anyway xD



  • @KOM:

    pfBlocker might be too heavy for just a URL filter. Squid + squidguard could do it.

    squid can't block https and squid guard needs to name every single domain in the world to block, and that is way too much even if I knew all domains. I've tried cheating it by blocking a single "." as any domain in the world will have a ".", but it blocks everything, even whitelisted sites, or I don't know how to use it



  • @candinho:

    Both are UNIX anyway xD

    Nope. Only UNIX-like, not real UNIX.



  • squid can't block https

    That's news to me.  It seems to work just fine for me and others.

    squid guard needs to name every single domain in the world to block

    What are you talking about???  Just set the default ACL to block all and then put allowed URLs in the whitelist.



  • @KOM:

    squid can't block https

    That's news to me.  It seems to work just fine for me and others.

    squid guard needs to name every single domain in the world to block

    What are you talking about???  Just set the default ACL to block all and then put allowed URLs in the whitelist.

    Squid can't filter https, that is because of ssl, and the reason for the ssl interception option in squid conf, but it doesn't work (cause certificate issues)
    BTW squid can block https in non-transparent proxy mode, which is silly because anyone with a brain can bypass it in non-transparent mode
    Squid Guard's block all option does what it says, blocks everything, even whitelisted sites, just tested it
    as it reads block then allow and not allow then block, or there's an option to change which direction it gets first (block/allow; allow/block)



  • Squid can't filter https, that is because of ssl, and the reason for the ssl interception option in squid conf, but it doesn't work (cause certificate issues)

    Nonsense. It sounds like you don't have it configured properly.

    BTW squid can block https in non-transparent proxy mode, which is silly because anyone with a brain can bypass it in non-transparent mode

    It never occurred to you to block 80,443 tcp on LAN?

    Squid Guard's block all option does what it says, blocks everything, even whitelisted sites, just tested it

    I'm pretty sure you can and you're doing it wrong.

    as it reads block then allow and not allow then block, or there's an option to change which direction it gets first (block/allow; allow/block)

    Sorry, what?  I don't understand what you're trying to say.

    Watch this:

    https://www.youtube.com/watch?v=xm_wEezrWf4
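
The "default ACL blocks all, allowed sites go in the whitelist" policy discussed in this thread, as an added example that is not code from any poster or from Squid/SquidGuard: a small Python model of allow-first, default-deny matching. The domain spellings and the streamer IP are constructed assumptions, and the tj/tjrs entries are left out because the thread gives no domain for them.

```python
import ipaddress

# Constructed policy modelled on the first post: entries every client may
# reach, plus one extra entry for a single source address (the streamer).
ALLOW_ALL = ["gov", "google.com", "facebook.com"]      # assumed spellings
ALLOW_BY_SOURCE = {"192.168.1.50": ["youtube.com"]}    # hypothetical streamer IP


def normalize(host):
    """Lower-case the name, drop a :port suffix and a trailing dot."""
    host = host.strip().lower()
    if host.count(":") == 1:          # host:port, not a bare IPv6 literal
        host = host.split(":")[0]
    return host.rstrip(".")


def matches(host, entry):
    """True if host is the entry itself or a subdomain of it.

    Comparing on the label boundary (the leading dot) is what keeps
    notgoogle.com and gov.example.com from matching google.com and gov.
    """
    return host == entry or host.endswith("." + entry)


def is_allowed(src_ip, host):
    """Check allow entries first; anything that matches none is denied."""
    host = normalize(host)
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False                  # raw IP destinations match no domain entry
    except ValueError:
        pass                          # not an IP literal, treat as a name
    entries = ALLOW_ALL + ALLOW_BY_SOURCE.get(src_ip, [])
    return any(matches(host, entry) for entry in entries)


if __name__ == "__main__":
    # Constructed requests: (source address, requested host)
    for src, host in [("192.168.1.10", "agency.gov"),
                      ("192.168.1.10", "www.youtube.com"),
                      ("192.168.1.50", "www.youtube.com:443"),
                      ("192.168.1.10", "notgoogle.com")]:
        print(src, host, "ALLOW" if is_allowed(src, host) else "DENY")
```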