Floating rule(s) - pfblocker with transparent squid

  • Hi all,

    I'm running pfSense in an environment where blocking tor is desirable. Squid and Squidguard are installed. Squid runs in transparent mode.

    Current setup is:  ADSL modem in bridge mode <-----> WAN pfSense LAN <-----> switch with ethernet users and wireless AP

    I've installed pfblocker to block/reject a tor alias created from the i-blocklist tor entry: http://www.iblocklist.com/list.php?list=tor
    The pfblocker auto rules appear under LAN and WAN in the firewall.

    This works, partially. If I start a tor client, the blocked counter can be seen incrementing in the pfblocker widget and tor cannot connect initially.
    Eventually it does though, and I assume that this is because it can get out via transparent squid on port 80.

    Can anyone please assist with how to set up a floating rule for pfblocker to catch this (if that will work)? I'm not clear on whether the pfblocker auto rules under LAN and WAN would then still be needed.

    Alternatively, is there a better way to block tor?

  • Take a look at the pfblocker wiki page; it will help you create manual rules on the floating tab.

    The rule description is important for the widget count.

  • Thanks, marcelloc.

    I've done as per the screenshot. Does that look OK? I'm unable to visit the remote site right now.
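The reason the LAN/WAN auto rules leak with a transparent proxy is worth spelling out: pf applies the port-80 redirect to squid before the filter rules, so the LAN rule sees a connection to the proxy rather than to the tor node, and squid then opens its own connection from the firewall itself, which only exists on WAN in the outbound direction. A floating rule matching outbound traffic on WAN to the tor alias is what closes that gap. The following is an added illustration, not code from the thread or from pfBlocker: it parses the I-Blocklist "P2P" plaintext format the tor list is published in (one "description:first-last" range per line) into CIDR networks, checks an address against the result, and renders the two pf rules involved. The sample list, the table name `pfBlockerTor` and the interface names `em0`/`em1` are constructed placeholders; pfSense generates its own rule text from the GUI, so this shows the logic rather than the exact ruleset it writes.

```python
import ipaddress
import re

# Constructed sample in the I-Blocklist P2P plaintext format (not the real
# tor list): "description:first-last" per line, '#' starts a comment.
SAMPLE_P2P_LIST = """\
# constructed sample, not the real list
Tor exit (example):192.0.2.10-192.0.2.20
Tor relay (example):198.51.100.0-198.51.100.255
malformed line without a range
Tor single host (example):203.0.113.7-203.0.113.7
"""

# IPv4 only: I-Blocklist P2P lists are IPv4 ranges, and the description may
# itself contain colons, so the range is anchored on the dotted quads.
_RANGE_RE = re.compile(
    r"^(?P<desc>.*):(?P<first>\d{1,3}(?:\.\d{1,3}){3})-(?P<last>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def parse_p2p(text):
    """Return collapsed IPv4 networks covering every valid range in a P2P list.

    Comment lines, blank lines and lines without a well-formed range are skipped,
    which is the failure mode a list-driven blocklist has to tolerate.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _RANGE_RE.match(line)
        if not m:
            continue
        try:
            first = ipaddress.IPv4Address(m.group("first"))
            last = ipaddress.IPv4Address(m.group("last"))
        except ValueError:
            continue
        if last < first:
            first, last = last, first
        # A start-end range becomes the minimal set of aligned CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def is_listed(ip, nets):
    """True if ip falls inside any network produced by parse_p2p()."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def render_pf_rules(nets, table="pfBlockerTor", wan="em0", lan="em1"):
    """Render pf(4) table and rules; table and interface names are placeholders.

    The label mirrors pfSense putting the rule description into the pf label,
    which is what the pfBlocker widget counts hits by.
    """
    members = " ".join(str(n) for n in nets)
    lines = [f"table <{table}> persist {{ {members} }}"]
    # Client-initiated connections are seen arriving on the LAN interface.
    lines.append(f'block in quick on {lan} from any to <{table}> label "{table}"')
    # Proxy-initiated connections (transparent squid) originate on the firewall,
    # so they are only visible leaving on WAN; this is the floating-rule case.
    lines.append(f'block out quick on {wan} from any to <{table}> label "{table}"')
    return "\n".join(lines)


if __name__ == "__main__":
    tor_nets = parse_p2p(SAMPLE_P2P_LIST)
    print(render_pf_rules(tor_nets))
    print("192.0.2.15 listed:", is_listed("192.0.2.15", tor_nets))
```

Running it prints the table with six CIDR blocks (the 192.0.2.10-20 range alone needs four aligned blocks) followed by the inbound-on-LAN and outbound-on-WAN rules; the second rule is the one that catches traffic squid relays on the firewall's behalf, and the `quick` keyword makes it final regardless of later pass rules.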

