OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: hbc on February 28, 2019, 08:32:09 am

Title: [Webfiltering] Many options - which one is the best? What redundant?
Post by: hbc on February 28, 2019, 08:32:09 am

Hi all!

Since OPNsense provides many possibilities to filter traffic, I wonder which method is the best, less performance consuming one and maybe user friedly one. I do not think that you have to use every method because filtering lists/results maybe redundant.

Filtering methods:

• Firewall and blocklist as URL Table (applies to every traffic)
• Squid proxy with remote ACL (applies to proxied webtraffic)
• Bind and DNSBL/RPZ (applies to FQDN)
• OpenDNS (applies to FQDN)
• Suricata IPS (applies to every traffic)
• Sensei (applies to every traffic)

The first question is the layer/order/time when a method is applied. When I already block DNS, then clients will not request the resource and neither firewall, squid, IPS nor sensei will have to handle anything. But in this case, e.g. a web resource has been requested, the user will not know why his requests fails. If I had blocked via squid/sensei at least an info page would have been shown.
DNS blocking will not help if direct IPs are accessed. Damn! The more I think about it, you have to use at least some combinations to block everything.

What would you suggest to successfully block for example adware and tracker?

Title: Re: [Webfiltering] Many options - which one is the best? What redundant?
Post by: charon on November 04, 2023, 07:40:29 pm

hi hbc

did you finally get a good overview of the usage of different filtering-methods?
what's YOUR best practice to implement robust and versatile filtering in opnsense?

i use opnsense for many years but now i also need to implement small-business-grade filtering - which started to trigger the exact same questions in me.  :-\

thanks, paul

ps: gerne pm in deutsch  ;)