PfSense: Ease of non misuse?



  • Is there anything we can do to make sure people are using pfSense in the right way?

    Here are some examples:

    • administrator blocks .exe's and .com extensions to prevent users from downloading anything and getting virii. Perhaps there is a better way?
    • administrator of an oil company blocks anything with the word rape in it, preventing reading anything about Rape Seed Oil
    • administrator blocks a rival company website, preventing employees from studying and learning from it

    There are infinite more examples.

    The engineer response is that the problem is the user, not the tool. While this is true, it discards the full picture. How to use the tool is essential.
    It's a great opportunity to address the problem around the tool. That's why I tape manuals to my TV, speaker specs to the speakers - it's the best place for it.

    What can we do to help educate administrators? What can we do to help them achieve their goal precisely?

    Let's say I opt to block all .exe's .com extensions. How's about a notifier suggesting something else - like how to scan such filetypes.

    Filtering is coming to ISPs. I am in an environment where my internet is already heavily filtered and I cannot opt out. I am literally monitored 24/7. While we cannot address deliberate blocking, perhaps we can cut down on laziness and mistakes.

    Comments, advise, suggestions?


  • Rebel Alliance Developer Netgate

    In this case, the power of the system is in its infinite configurability. I would venture to say there is really no "right" or "wrong" way to use pfSense.

    There is also no way for pfSense to know what your real intent is, especially when it comes to configuring packages (which is mainly what you're talking about, squid, squidguard, etc). I don't know about you, but to me what you're suggesting sounds a lot like "Clippy" of Microsoft Office infamy. It shouldn't really be pfSense's place to second guess what an administrator is trying to do, since that is really up to the administrator.

    The kinds of things you discuss are, as you hint at, things for the manual or book. There is a book in the works, and there is a lot of documentation on the Doc Wiki. Alternate scenarios and suggestions for better ways to accomplish a given task are wonderful to have there. That said, I wouldn't want them in the WebGUI trying to alter my behavior.


Locked