OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: wetdryorhot on November 12, 2019, 08:31:40 pm

Title: Blocking some site
Post by: wetdryorhot on November 12, 2019, 08:31:40 pm
Hello guys question how to block site using OPNsense? Im searching it also in the System then plugins and i tried to review some plugins in there but i notice there's no application or third party app. that can installed in OPNsense to block some site thank you. :) and one more is there an app to monitor? like what there are browsing or downloading like if there are using Torrent.
Title: Re: Blocking some site
Post by: hopper on January 22, 2020, 02:39:00 pm
Hi, wetdryorhot

You can use your opnsense as primary dns for your network (for example unbound):
Look at the configuration section for unbound under "Overrides":

Try out host.toblock.tdl with the ip 0.0.0.0 or domaintoblock.tdl with 0.0.0.0 in the domain section (works like pihole).
Title: Re: Blocking some site
Post by: Amr on February 25, 2020, 07:54:30 pm
You can use your opnsense as primary dns for your network (for example unbound):
Look at the configuration section for unbound under "Overrides":
That would work alright but kids will soon discover the joy of VPN. If you want a robust way to block websites for good I suggest you deploy a transparent filtering proxy, the downside of it is that you'll need to install a certificate on each pc but that's way easier than blocking every VPN IP on the firewall.

Or you can try IPS but personally haven't tried blocking VPN with IPS.

Ps:if you go the override way make sure to redirect all DNS queries to firewall and block other ports
Title: Re: Blocking some site
Post by: Amr on February 25, 2020, 07:59:21 pm
and one more is there an app to monitor?

yeah that would be ntopng you see install the plugin and config it (see documentation) and then access it through the browser on whatever port you specified (ex:192.168.1.1:3000, 3000 is the default port)