Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Web Filtering Options

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 5 Posters 3.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gte451f
      last edited by

      What would you guys recommend for web filtering software that is cheap or free?

      We are a 65 employee firm with two offices and we want to block Facebook etc.
      Our wishlist is:
      A/V scanning
      URL and/or Content Blacklist
      Reporting

      We have pfsense acting as our firewall at both offices.

      Should I install the Dans Guardian module with pfSense?
      How about Network Guardian from smoothwall?
      Untangle?
      Safe Squid?

      1 Reply Last reply Reply Quote 0
      • P
        Perry
        last edited by

        Each level = More work for you to do

        low level restriction = OpenDNS
        next level = Squidguard
        next level = add a untangle box

        OpenDNS with a Block DNS Rule on top !Lan address might be enough.
        Remember everybody that can SSH out, can use Facebook

        /Perry
        doc.pfsense.org

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          SSH to facebook?  I'm sure you mean SSL. . .

          OP: please use the search feature.  This question has been asked and answered repeatedly.

          1 Reply Last reply Reply Quote 0
          • K
            ktims
            last edited by

            @submicron:

            SSH to facebook?  I'm sure you mean SSL. . .

            I think he means that if you allow SSH traffic onto the Internet from the LAN, the users can do whatever they want. It's quite trivial to forward traffic over SSH and use the remote box's Internet link instead of the local one, bypassing any filtering. Like a poor-man's VPN.

            But that's a risk with pretty much any configuration other than blocking all traffic directly to the Internet and only allowing HTTP through a proxy.

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              Its trivial to tunnel traffic over any port that is allowed, it's just odd that he mentioned SSH when SSL is a much more likely to be permitted protocol, and there are already plenty of SSL-enabled proxy sites available for use by people trying to bypass content filtering.

              1 Reply Last reply Reply Quote 0
              • B
                Bern
                last edited by

                I agree with Perry - SSH tunnels out are more likely than SSL proxies.

                BLOCK EVERYTHING!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.