Hello,
Coming from bussines firewalls on my work (Forti, Sonic, etc...) I tried to move the perimeter security from my house to something like enterprise firewalls at minimum cost posible.
Over last 2 years I go from mikrotik to OPNsense to Sophos to OPNsense and to pfsense.
I migrated from MK to OPNsense because I want "real" firewall UTM on my home network but OPNsense lacks the possibility to apply webfilter by source. Then I discovered a free full version of sophos SG for home users, after some months, sophos have all filters, IPS, etc out of the box, but its management is terrible slow, and lacks of things like wireguard, so went back to OPNsense. I found a webfilter plugin ported from squidward but is not updated for the last 2 years, have many limitations and the blocked page redirects to the Portuguese developers
Finally I migrated to pfsense, it have all I want but... Is working at half, squid have many problems on transparent proxy and https (OPNsense is more "transparent"), and the gui is not polished as OPNsense.
I'm going to migrate to OPNsense again, but I want to know if there is a way, or if it's planed (for example a squidguard plugin) to use transparent proxy webfilter by source. I want to have all my home network protected from malicious sites and block adult sites to my son (Yes I don't want to block porn to myself :D )
How do you solve this "problem"?
Did you have a look at that plugin:
https://github.com/opnsense/plugins/tree/master/www/web-proxy-useracl
Squidguard is not developed anymore:
http://www.squidguard.org/
Yes, this plugin is only for user ACL not IP ACL (If something not changed), authentication in general is not a common practice on home networks.
Searched many times and always got 2 posts, one from the brazilian discontinued plugin, and other with the same question:
https://forum.opnsense.org/index.php?topic=8695.0 (https://forum.opnsense.org/index.php?topic=8695.0)
There's a solution, sadly there's no GUI yet, so if you don't mind here's a couple of posts u can reference.
https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029 (https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029)
Quote from: Amr on December 28, 2021, 08:51:02 AM
There's a solution, sadly there's no GUI yet, so if you don't mind here's a couple of posts u can reference.
https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029 (https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029)
thanks for your answer Amr, I have followed some examples, this is the most useful that I found to make it with categories:
https://www.sbarjatiya.com/notes_wiki/index.php/Configuring_squid_to_block_websites_based_on_categories (https://www.sbarjatiya.com/notes_wiki/index.php/Configuring_squid_to_block_websites_based_on_categories)
But sometimes I get a descriptive error that I can solve, and sometimes I only get an error without any description (reloading squid service), do you know where is the path of squid logs?
I think this will be a easy way to implement source based ACLs on the GUI, this a basic feature with is very useful
thanks
Quotedo you know where is the path of squid logs
/var/log/squid/
Business Edition has a plugin for it