SquidGuard, but using DNS Forwarder instead…
-
Call this a "wish" item if that's what makes sense…
Preface: Squid and SquidGuard are two great products, but integrating them and getting all the nitty gritty settings set right can be a pain in the rear. Just an observation after a long time using all of the products (pfSense, Squid, SquidGuard, pfBlocker, etc...).
Many times I don't need a proxy server. Proxy servers have their place, but sometimes a given location or site isn't it. But the management of that site still wants us to block social networking sites, music and video streaming sites, and porn/inappropriate sites.
Enter in OpenDNS and DynDNS. Both have categorical blocking features available. However, OpenDNS Umbrella is crazy expensive and DynDNS's DNS servers have this nasty habit of not responding in a timely fashion. This brings me back around to SquidGuard.
SquidGuard has a great database of sites and what categories they fall into. But once again, implementing a proxy server isn't best for all locations. But if SquidGuard could talk to pfSense's DNS Forwarder service and forward those requests to an internal "Nope, you can't go there" page, either hosted by pfSense or hosted internally on a web server... that could be a magical combination. If you passed the website they tried to access to the "nope" page as a parameter, you could even log what users are trying to go to what sites.... but I digress.
I have no idea how to write packages for pfSense. I admit I tried a few years ago and it all went over my head, even though I've logged a ton of time coding in php. I'm not especially good at GitHub, and I don't have the time from a "take care of my customers and business" perspective to learn and code this. Perhaps this is a "bounty" item?
Anyone else want this as well?
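A sketch of the idea in the post, added here as an example and not part of the original post or of any pfSense package: it turns a SquidGuard category `domains` list into `address=/domain/ip` override lines for dnsmasq, the daemon behind pfSense's DNS Forwarder. The sample list, the function names and the block-page address `192.0.2.10` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of a SquidGuard category "domains" file (one name per line).
SAMPLE_DOMAINS = """\
# socialnet category (constructed sample)
social.example
cdn.social.example
Video.Example.
192.0.2.55
bad_domain!.example
video.example
"""

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_domains(text):
    """Return the valid, lower-cased host names found in a domains list."""
    found = set()
    for raw in text.splitlines():
        name = raw.strip().lower().rstrip(".")
        if not name or name.startswith("#"):
            continue
        try:
            ipaddress.ip_address(name)  # bare IPs cannot be blocked by name
            continue
        except ValueError:
            pass
        labels = name.split(".")
        if len(labels) >= 2 and all(_LABEL.match(label) for label in labels):
            found.add(name)
    return found

def collapse(domains):
    """Drop names already covered by a listed parent; dnsmasq's
    address=/example.com/ also answers for every subdomain."""
    kept = set()
    for name in sorted(domains, key=lambda d: d.count(".")):
        parts = name.split(".")
        parents = {".".join(parts[i:]) for i in range(1, len(parts))}
        if not parents & kept:
            kept.add(name)
    return kept

def dnsmasq_lines(text, sinkhole_ip):
    """Build dnsmasq override lines pointing each blocked name at the block page."""
    ip = ipaddress.ip_address(sinkhole_ip)  # raises ValueError on a bad address
    return [f"address=/{d}/{ip}" for d in sorted(collapse(parse_domains(text)))]

if __name__ == "__main__":
    print("\n".join(dnsmasq_lines(SAMPLE_DOMAINS, "192.0.2.10")))
```

Name-based overrides only cover a category's `domains` list, not its path-level `urls` entries, and a browser sent to the block-page host over HTTPS gets a certificate warning instead of the page. The web server on that host can log the requested `Host` header, which gives the per-site logging the post mentions.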