I've been employing pfsense 2.0.2 as cost efficient firewalling routers for some time now.

I have the following problem, any advice will be appreciated

The network: systems having static and public IPs, needing to access the net.

The issue: although net access should be allowed, it should be via some heavy URL filtering, a la squidguard (plus the Shalla block lists for example).

The caveat: if the box acting as the filtering box goes down, I should just take the cable that connects the LAN switch to the filtering box, unplug it from the box side and simply connect it to the ISP router to have connectivity again…

Bottomline: if no URL checking/blocking was needed, I could do well with a pfsense box running in firewalling bridge mode, adding in/out rules appropriately to allow/block traffic. I have done this by bridging the pfsense box two interfaces, removing any ip information from the bridge members and adding rules directly to the br0 interface. Everything works fine this way.

The tricky part is to have some sort of URL filtering on the same box transparently to the user. Has anyone tried that out?

Other ideas to accomplish the same feat? Remember that I want a box that can be effectively removed from the net, without any reconfiguration at all to the LAN.