My Gateway
-
Hi. I am new to pfsense. I have been using an old version of Clark Connect for my home router. I am looking to switch to pfsense. After doing a lot of research, and asking a lot of questions, I was able to do two things with Clark Connect:
1. Only devices I approved could connect through my router. I did this using firewall rules to screen devices by mac address.
2. Using some shell scripts, I could block my kid's access to the internet. They could only get online when I said so. This was a parent's dream.
Now I would like to do the same using pfsense, but I am also hoping that using the proxy server, I can keep track of the web pages my kids are visiting. (another parent's dream)
So, is this something that can be done using standard pfsense setup, or will I have to rewrite some firewall rules?
-
1. Only devices I approved could connect through my router. I did this using firewall rules to screen devices by mac address.
No, pfSense doesn't support MAC filtering. You can configure the DHCP server in pfSense to "static ARP" which kind of does the job - but not in combination with port/IP/Layer7 rules. You can, of course, use these more advanced filters on the IP addresses which DHCP hands out to specific MAC addresses. Of course, this approach can be hacked. Then again, your current setup can easily be hacked as well.
2. Using some shell scripts, I could block my kid's access to the internet. They could only get online when I said so. This was a parent's dream.
I'd use a captive portal for that. Yup, pfSense has a captive portal built-in.
You can add your own PC's MAC address to a whitelist (pass-through MACs), so these machines can access the internet without logging in to the captive portal. This of course can be hacked. You can also provide a "master password" for your use, which means that you would have to log into the captive portal as well. This approach is less convenient for you, but is more hack-proof and might add a bit of security if the kids gain physical access to your PC.
And if the kids want to go online, you can hand them a voucher which allows them to access the internet for a pre-set duration (like, an hour).
Obviously, you need to keep the pfSense box and the vouchers physically secure.
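As an added illustration, not part of the thread and not pfSense code: a small Python check that compares an ARP table dump against the approved MAC-to-IP list that DHCP static mappings encode, as the reply above describes. The approved list, the interface name and the `arp -an` sample lines are constructed for the example.

```python
import re

# Approved devices: MAC -> IP reserved for it by a DHCP static mapping.
# Constructed sample values, not taken from the thread.
APPROVED = {
    "00:11:22:33:44:55": "192.168.1.10",
    "66:77:88:99:aa:bb": "192.168.1.11",
}

# Constructed sample in the style of BSD `arp -an` output.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.11) at de:ad:be:ef:00:01 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.57) at 02:00:00:00:00:09 on em1 expires in 642 seconds [ethernet]
? (192.168.1.60) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{11,17}) on \S+")

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so '0:1b:...' equals '00:1b:...'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def audit(arp_output, approved):
    """Return (unknown, mismatched) findings for an ARP table dump."""
    ip_owner = {ip: mac for mac, ip in approved.items()}
    unknown, mismatched = [], []
    for line in arp_output.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # blank lines and "(incomplete)" entries carry no MAC
        ip, mac = m["ip"], normalize_mac(m["mac"])
        if mac in approved:
            if approved[mac] != ip:
                mismatched.append((ip, mac, "approved MAC on unexpected IP"))
        elif ip in ip_owner:
            mismatched.append((ip, mac, "reserved IP claimed by another MAC"))
        else:
            unknown.append((ip, mac))
    return unknown, mismatched

if __name__ == "__main__":
    unknown, mismatched = audit(SAMPLE_ARP, APPROVED)
    for ip, mac in unknown:
        print(f"unapproved device: {mac} at {ip}")
    for ip, mac, reason in mismatched:
        print(f"binding mismatch: {mac} at {ip} ({reason})")
```

The check only compares MAC-to-IP bindings, so it cannot tell a device that presents an approved MAC from the real one.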
-
You could also try doing content filtering with squid + squidguard and lightsquid for reports on what website they are visiting.
I found a simple tutorial here:
http://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-tutorial
-
Ok, thanks for the help. It looks like I will have to stick with firewall rules.
-
You can do layer2, and hence MAC, filtering with the captive portal. It uses ipfw instead of pf like the rest of the pfSense filtering.
Steve