OPNsense Forum

English Forums => General Discussion => Topic started by: pcborges on October 16, 2016, 08:15:17 pm

Title: Simple Easy content filter, is it possible?
Post by: pcborges on October 16, 2016, 08:15:17 pm
Hi, I am trying to put some content filter on my opnsense box but after reading about Transparent Proxy and Proxy cache I see it is a lot more than what I need, all I need is opnsense to block content based on url.
The list of banned sites on UT1 “web categorization list” looks great.

All I want is to block sites on that list.

Thanks
Paulo
Title: Re: Simple Easy content filter, is it possible?
Post by: bartjsmit on October 16, 2016, 11:03:37 pm
Hi Paulo,

If you have a list of sites you want to block, you can put them into an alias and make that the subject of a firewall rule. https://docs.opnsense.org/manual/aliases.html

Bart...
Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 17, 2016, 03:10:05 am
Hi Bart,

Thanks for the support.

I compiled an adult content list (sorted.txt attached) and, as you indicated, imported it as host aliases.
Named the alias as Adult

I have a WIFI USB adapter and from that I created an accesspoint that is working ok.

What I am trying to achieve is apply content filter only on users connecting to accesspoint net
So, I created a rule at the firewall to block any protocol from accesspoint address and destination Adult.
Moved this rule to the top of the list and applied the rule.

I am doing all this while connected to the accesspoint WIFI interface.

But none of these urls are actually blocked.

I am always connected to opnsense box from the accesspoint wifi interface.

Thanks
Paulo Borges
 

Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 17, 2016, 03:34:26 pm
Hi, I just found that if instead of pasting the entire URLs list I paste just a piece of it (I did paste the first 10 lines) it starts blocking the (now quite shorter list of) URLs.

Is there anything I am missing?

Thanks
Paulo
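Added example, not part of the original posts: a firewall rule matches packets by IP address, so a host alias can carry hostnames or addresses but never a URL path. The Python sketch below reduces a pasted URL list to unique, valid hostnames and reports which entries lost a path and which cannot be used at all; the function names and the sample list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def to_hostname(entry):
    """Return (hostname, had_path) for one list entry, or None if unusable."""
    try:
        # urlsplit only fills in .hostname when an authority ("//") is present.
        parts = urlsplit(entry if "://" in entry else "//" + entry)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return None
    if not host or len(host) > 253:
        return None
    if not all(LABEL.match(label) for label in host.split(".")):
        return None
    return host, parts.path not in ("", "/") or bool(parts.query)

def build_alias(lines):
    """Split a pasted list into unique hosts, path-stripped entries, rejects."""
    hosts, stripped, rejected, seen = [], [], [], set()
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        result = to_hostname(entry)
        if result is None:
            rejected.append(entry)
            continue
        host, had_path = result
        if had_path:
            stripped.append(entry)  # the alias covers the whole host, not one page
        if host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts, stripped, rejected

# Constructed sample input (not taken from the UT1 list).
SAMPLE = ["# comment", "example.com", "http://Example.com/",
          "www.example.org/gallery/index.html",
          "https://media.example.net:8443/a?b=1", "not a host", ""]

if __name__ == "__main__":
    hosts, stripped, rejected = build_alias(SAMPLE)
    print("\n".join(hosts))
    print(f"{len(stripped)} entries reduced to host only, {len(rejected)} rejected")
```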
Title: Re: Simple Easy content filter, is it possible?
Post by: jstrebel on October 17, 2016, 07:17:32 pm
You could use the built-in OpenDNS client. It will always be up to date.
This service is free for private use.
With OpenDNS you will also have protection against phishing.
Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 18, 2016, 02:27:48 am
Hi, thanks for your support.
openDNS seems to be the perfect solution for my problem.

I followed the instructions on https://www.kirkg.us/posts/using-opendns-with-opnsense/ but opnsense does not block a thing.

Have you got it to work, to actually block something?

Thanks
Paulo
Title: Re: Simple Easy content filter, is it possible?
Post by: jstrebel on October 18, 2016, 02:53:10 pm
Yes, do you see any statistics in your OpenDNS dashboard? What are your DNS address settings now?


Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 18, 2016, 11:38:00 pm
Hi, thanks again for your help.

To start from simple, no opnsense gateway.
I did change my Dlink router DNSs as follows: 208.67.222.222 and 208.67.220.220
So when dns resolution is put to the Dlink router it will use 208.67.222.222 or 208.67.220.220 for name resolution.

Disconnected and reconnected to my WIFI, ipconfig /all shows the DNS IP is the same as the Gateway, which is the DLink router

I created an account at openDNS and I signed in.
The IP assigned to my router WAN port is registered at openDNS as my home network.

When I navigate to www.internetbadguys.com it is shown it is a demonstration page etc...
OpenDNS statistics show nothing.

Then I changed my Win10 DNS (for the WIFI interface I use) to 208.67.222.222 and 208.67.220.220

From PowerShell I call nslookup.

PS C:\Users\Paulo> nslookup
Servidor Padrão:  resolver1.opendns.com
Address:  208.67.222.222

> www.internetbadguys.com
Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Não é resposta autoritativa:
Nome:    www.internetbadguys.com
Address:  67.215.92.210

Even after that there is no activity on openDNS Total Requests for Home or any other activity

What do you think is wrong?
What am I missing?

Regards
Paulo
Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 18, 2016, 11:50:02 pm
Hi, just found the wan ip on my router is not the one registered at opendns.
My router wan ip is 172.16.18.27, our ISP must be putting us behind a NAT gateway.
Maybe opendns will just not work under these circumstances.

Regards
Paulo
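Added example, not part of the original posts: the two checks made by hand in the posts above, as a Python sketch. It reads the resolver out of nslookup output by taking the first IPv4 address (which works whatever the display language) and tests whether the router's WAN address is in a private or carrier-grade NAT range, in which case it is not the source address a public resolver sees. The function names are constructed; the sample output and addresses are copied from the posts.

```python
import ipaddress
import re

OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}  # as given in the thread
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (resolver, answers); the first IPv4 printed is the server used."""
    addrs = IPV4.findall(text)
    if not addrs:
        raise ValueError("no IPv4 address found in nslookup output")
    resolver = addrs[0]
    # Interactive sessions repeat the server line, so drop it from the answers.
    return resolver, [a for a in addrs[1:] if a != resolver]

def behind_nat(wan_ip):
    """True when the router's WAN address cannot be its public address."""
    ip = ipaddress.ip_address(wan_ip)
    return any(ip in net for net in NON_PUBLIC)

def diagnose(nslookup_text, wan_ip):
    """List the reasons the OpenDNS dashboard may show no requests."""
    findings = []
    resolver, _ = parse_nslookup(nslookup_text)
    if resolver not in OPENDNS_RESOLVERS:
        findings.append(f"queries go to {resolver}, not to an OpenDNS resolver")
    if behind_nat(wan_ip):
        findings.append(f"WAN address {wan_ip} is not public, so it is not "
                        "the source address the resolver sees")
    return findings

# nslookup output as posted in the thread (Portuguese-language Windows).
SAMPLE = """Servidor:  resolver1.opendns.com
Address:  208.67.222.222

Nome:    www.internetbadguys.com
Address:  67.215.92.210
"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "172.16.18.27"):
        print(finding)
```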
Title: Re: Simple Easy content filter, is it possible?
Post by: pcborges on October 29, 2016, 07:58:13 pm
Hi,

Just to complement, I followed jstrebel's suggestion on OpenDNS and I got it to work.
It is EXCELLENT and does everything I need, blocking specific content and even more.

opnsense integrates perfectly with openDNS.

I suggest those interested to check OpenDNS.com web site for clarifications and https://www.kirkg.us/posts/using-opendns-with-opnsense/ for instructions on how to setup openDNS on opnsense.

I just did not find it necessary that DHCP is set for OpenDNS's DNS addresses once opnsense primary and secondary DNSs are properly set at System/settings/general.

Regards
Paulo