Trying to semi-block



  • Hello, I'm still searching around but have yet to find a solution to (I'm sure) a common request.

    One client wants to block sites for some people but not others.

    Any ideas? It seems squid is dead on pfSense along with a couple other proxy-ish packages. But I'm not clear if a proxy is really what I'm after. I imagine I'll have to filter/pass by MAC address and deny all others? While that may work it seems like an awful manual way of doing things.

    Running pfSense 2.2.4, I'd appreciate a couple suggestions that I can delve into deeper.


  • Banned

    For "some people" defined how? IP? Subnet? Some login? (There's no feature to filter by MAC address in pf, plus considering it can be spoofed in seconds, it's also very pointless.)

    P.S. Squid 3.4.x branch is pretty much alive.



  • One client wants to block sites for some people but not others.

    This is easy to do.  Squid + squidguard allows you to define Access Control Lists of users/IP addresses and then selectively block sites based on those ACLs.  I have this running at my office, where mgmt is one ACL, and other employees in another.  Mgmt has full access all the time whereas the employees can't access social media or news etc unless it's lunchtime, 12-1pm.  You can either use blacklists from places like Shalla, or you can manage your own white and blacklists yourself and add URLs as required.



  • doktor - I thought I saw a rant from you in another post about Squid being dead and that pfBlockerNG should be used instead?

    kom - thanks, ACLs is pretty much what I've been looking for, so that's my starting point



  • He used to rant about squid until he took it over and very much improved it.


  • Banned

    Even though there have been tons of fixes in the Squid3 package meanwhile - there are still MANY use cases that would be handled much easier and with a whole lot less overhead with things like pfBNG - especially now with the pfBlockerNG 2.0 version that has DNSBL functionality.


Log in to reply