Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Content Filtering on CF

    Expired/Withdrawn Bounties
    25
    45
    46.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cybrsrfr
      last edited by

      Content filtering can be done using OpenDNS.
      Use the following OpenDNS servers:

      208.67.222.222
      208.67.220.220

      Then sign up for an account at OpenDNS define your network IP so that OpenDNS can identify you and then set what categories of sites you want blocked or add in the domains of your choice. Also you have a dynamic IP you can use DNS-O-Matic that is provided from OpenDNS to keep a track of your IP. So that it stays synched with OpenDNS. For additional security block UDP 53 (DNS) for everything but the OpenDNS servers.

      DNS-O-Matic will be available in PFSense 1.3. For those that would like to have it now see:
      http://forum.pfsense.org/index.php/topic,7311.msg41445.html#msg41445

      1 Reply Last reply Reply Quote 0
      • D
        dingo
        last edited by

        Ok question…. do it have to be squid if I could meet your needs.... Theres better out there then squid for this stuff

        1 Reply Last reply Reply Quote 0
        • K
          kapara
          last edited by

          Opendns is a really neat solution. I have been implementing it at several clients after reading about it in this post.  It works very well! The only problem is you are unable to easily create groups so one group would be blocked and other would not.  This could be done by creating some type of policy for DNS where based on your IP address you could some how forward DNS requests to Opendns for machines who have IP's in a restricted group or policy.  You could also do it based on MAC address which would prevent people from tricking the system and changing their IP.  A rule would also have to be created to block DNS requests to anywhere besides the pfSense so no one could circumvent the system.  Or this might be tooooo complicated.  This is assuming that Opendsn will not be bought by another company and turned intoa for profit.

          Mark

          Skype ID:  Marinhd

          1 Reply Last reply Reply Quote 0
          • S
            sai
            last edited by

            .  This is assuming that Opendsn will not be bought by another company and turned intoa for profit.

            Mark

            opendns makes its money from search pages that are displayed when you type in a bad domain. sometimes it displays a search page anyway :-)

            1 Reply Last reply Reply Quote 0
            • K
              kapara
              last edited by

              Yes you are correct.  I understand that is how they currently make their money…..but once a company has a massive customer base albeit non-paying, and becomes incredibly popular they have the possibility of getting gobbled up.  Slimming down the functionality and then charging a premium for the more "advanced" features.  Do not get me wrong.  I will enjoy the ride for as long as possible.

              Cheers,

              Mark

              Skype ID:  Marinhd

              1 Reply Last reply Reply Quote 0
              • First post
                Last post