block social media using IPS
-
Hello everyone, I need to block social media but without using a proxy (Squid).
At other customers where I have a hardware firewall that I manage (not free), I can do it through IPS. Can I do the same with pfSense?
Thanks everyone in advance
-
You might be able to with the pfBlocker package with the appropriate feed, though I imagine there may be some false positives, or feeds that are out of date as most of the Social Media sites will make changes so folks can get in.
Be prepared as you may also get a lot of kickback from those who can no longer access those sites.
Take Care and Enjoy!
-
The Snort package offers the OpenAppID feature, which can be useful for blocking social media sites. You will want to be sure your NIC hardware (the specific driver, actually) fully supports the FreeBSD netmap kernel device. Netmap is used for Inline IPS Operation in Snort, and if you use OpenAppID you definitely want the ability to selectively drop individual traffic flows rather than simply block an entire IP address with Legacy Mode Blocking.
The official Netgate Snort package documentation can be found here: https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html. Setting up OpenAppID is at the bottom of the linked page.
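
An added example, not part of the original thread or the Netgate documentation: custom Snort text rules that use the OpenAppID `appid` keyword with the `drop` action, which is what lets Inline IPS Mode discard only the matching flow instead of blocking the whole IP address. The AppID names, messages and SIDs below are assumptions and constructed values; confirm each name against the `appMapping.data` file shipped with the installed OpenAppID detectors.

```snort
# Constructed example for an interface running Snort in Inline IPS Mode.
# AppID names (facebook, twitter, instagram) are assumed; verify them in appMapping.data.
# SIDs are constructed values in the local-rule range (1000000 and above).

# Drop only the flows that OpenAppID identifies as the named application.
drop tcp any any -> any any (msg:"APPID social media - facebook"; appid:facebook; classtype:policy-violation; sid:1000001; rev:1;)
drop tcp any any -> any any (msg:"APPID social media - twitter"; appid:twitter; classtype:policy-violation; sid:1000002; rev:1;)

# While tuning, leave a rule at alert so matching flows are logged but not dropped.
alert tcp any any -> any any (msg:"APPID social media - instagram"; appid:instagram; classtype:policy-violation; sid:1000003; rev:1;)
```

Running every rule as `alert` first and reviewing the alert log shows which internal hosts and flows would be affected before any rule is switched to `drop`.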