Clarification on PFSENSE Packages...
-
Ok, don't shoot me, I'm a newb. I have done research and testing on various packages and need some clarification. Basically, I'm trying to avoid overbuilding my pfSense box.
Long story short, we have about 200 IPs. Anything we host is all internal on our LAN (no web servers, mail servers, FTP, etc...). We want to block anything from coming in and be able to filter/monitor traffic going out. We don't want people visiting sites they shouldn't be and using services they shouldn't in our environment (ie torrent).
So, from my understanding, by default pfSense blocks everything coming in so we should be good there. For outbound, I was thinking of setting up Suricata on the LAN side only to block services and Squidguard with block lists for web filtering. Am I on the right track or am I missing something?
Also, for blocking web traffic based on block lists, should I be considering Squidguard or pfBlocker?
Sorry if these are very basic questions but any help would be appreciated!
-
i would go with pfblockerng-devel (pfblockerng is old and probably discontinued) and suricata
take in mind that blocking torrent is very difficult, you can't block it 100% but you can make life harder for the clients