  • So anyone need to block websites because their employees are abusing Facebook, arguing politics for hours, reading news all day, looking at everything on Pinterest?

    Is there an easy way to block the sites from coming through the router, especially if I can block them from going to certain local IP addresses?

  • Easy way?  Not really.  You can look at either blocking IP addresses (which is painful), or installing an HTTPS proxy like Squid/SquidGuard with an SSL cert.

    With additional packages squid and squidGuard it is very easy. There is a very good tutorial in the "How to's" here on pfSense on how to set it up.
    Basically, simply install

    1. squid
    2. squidGuard
    3. download blocklists/blacklists from a couple of possible different websites
    4. After blacklists are downloaded, go through the categories that you want to leave neutral, whitelist, or block for employees.
    5. Save and apply and you will have a very customizable blocking capability.

    This is what we use at a school, so you can imagine what we have to deal with for keeping sites blocked, and what teachers want to use in regards to YouTube etc., for a built-in babysitter in their room… :)
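
The steps in the post above, written out as a hand-edited `squidGuard.conf` that blocks chosen blacklist categories only for certain local IP addresses (an added example, not from the thread; on pfSense the same settings are made in the package's GUI pages). The client addresses, paths, redirect URL and the category names `socialnet` and `news` are assumptions; category names depend on the blacklist you download.

```conf
# Assumed locations of the unpacked blacklist database and the log directory
dbhome /var/db/squidGuard
logdir /var/log/squidGuard

# Source group: the local clients the policy applies to (constructed addresses)
src employees {
    ip      192.168.1.20 192.168.1.21
    iprange 192.168.1.50-192.168.1.99
}

# Destination groups: one per blacklist category chosen in step 4.
# Paths are relative to dbhome; directory names follow the downloaded list.
dest socialnet {
    domainlist socialnet/domains
    urllist    socialnet/urls
}

dest news {
    domainlist news/domains
    urllist    news/urls
}

# Local whitelist for sites that must stay reachable even if a category lists them
dest allowed {
    domainlist local/allowed_domains
}

acl {
    # Rules are read left to right: whitelist first, then the blocked
    # categories, then everything else is passed.
    employees {
        pass     allowed !socialnet !news all
        redirect http://192.0.2.1/blocked.html
    }

    # Every client not in a source group above is left unfiltered
    default {
        pass all
    }
}
```

squidGuard only filters what Squid hands it, so full HTTPS URLs are visible to these rules only when Squid intercepts TLS with its own certificate, as the first reply mentions.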


  • Suricata seems to be able to do this with ET_Policy… Just thinking out loud...

    First day I installed it I received a lot of "Corporate policy" errors. Wife and kids, neighbors and friends didn't like that much... LOL
    Couple hours without Facebook, Skype, and every other chat, social networking, or games, didn't hurt them any. :)

    Seems to me you could block everything from eBay, MySpace, NBC, CBS, ABC, YouTube video, or just simply block sending credit card numbers without SSL.

    Read this thread, covers pretty much everything, remember, your employees will hate you, so U might want to loosen this up a bit... LOL

  • Add a UTM product that can be used inline with your network, e.g. Untangle.

  • Squid + Squidguard.

    And then, find good lists…

