OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Camagur on February 13, 2020, 12:17:18 pm

Title: Ads blocking
Post by: Camagur on February 13, 2020, 12:17:18 pm

Hello OPNsense Community!

My first post and coming from pfsense, my question is what do you guys use to substitute pfblocker?

Thanks

Title: Re: Ads blocking
Post by: mimugmail on February 13, 2020, 12:19:18 pm

Bind or dnscrypt-proxy Plugin. Theres currently unbound-plus plugin in development which offers free usage of lists

Title: Re: Ads blocking
Post by: Camagur on February 13, 2020, 12:25:25 pm

thanks!

Im trying BIND, but I cannot make it work, can BIND work alone or it needs unbound to work?

Title: Re: Ads blocking
Post by: mimugmail on February 13, 2020, 12:58:15 pm

When you disable Unbound you can make bind listen on port 53, sure

Title: Re: Ads blocking
Post by: Camagur on February 13, 2020, 01:15:17 pm

and what about dnscrypt-proxy? is it the same?

Title: Re: Ads blocking
Post by: mimugmail on February 13, 2020, 04:28:39 pm

In principle it's the same, but it has als dns encryption aboard.
If you feel brave you can also install the devel plugin via CLI: pkg install os-unbound-plus-devel
And then you have a submenu Blacklists in Unbound

Title: Re: Ads blocking
Post by: BNaCl on February 13, 2020, 04:51:45 pm

Sensei is pretty sweet and easy. Love the other functionality of it as well.

Title: Re: Ads blocking
Post by: Camagur on February 14, 2020, 11:45:49 am

Code: [Select]

Sensei is pretty sweet and easy. Love the other functionality of it as well.
you mean with sensei we dont need other blocks, does it uses the same lists or equivalent as the other options?

Title: Re: Ads blocking
Post by: BNaCl on February 14, 2020, 07:46:47 pm

From their site:

The engine processes the request, queries to "SVN Cloud" in real-time and decides whether it will be blocked or allowed. We check against 140+ Million Websites, under 120+ categories in milliseconds.

The free edition is limited but if you don't need more than 1 policy (you don't need to apply different policies to different machines/users), it is pretty functional. The paid version also gets you additional security features and allows granular filtering of apps and/or content (excellent for kids). I really liked the reporting which provides detailed traffic insight so I went ahead and purchased the Home edition.

I think you will need a paid edition to get the Ad blocking without globally enabling all the filtering. If all you are after is ad blocking you can probably do the same thing for free with OPNsense Web Proxy and lists but it isn't nearly as easy to setup. My suggestion is install it and see if it is something you want to spend $$ on.   

Their site has some good screenshots and video of the feature set:
https://www.sunnyvalley.io/sensei/

Link to the documentation for each feature:
https://help.sunnyvalley.io/hc/en-us/sections/360004602594-Modules

Version Comparison:
https://www.sunnyvalley.io/plans/

Title: Re: Ads blocking
Post by: BNaCl on February 14, 2020, 08:05:02 pm

Forgot to mention, Sensei is resource intensive and requires a decent/modern CPU and free RAM. Make sure you follow their HW sizing guide, but it is a little confusing because it references number of devices (concurrent) AND bandwidth.

For example I have 400/20 for my WAN and less than 15 concurrent devices. Based on the WAN speed the chart would seem to point me to a quad core i7 CPU which is ridiculous. I am running a i3-7100U with 8G RAM and it isn't breaking a sweat. You could probably get away with 4GB RAM depending on your sizing and modules. Celeron's are a no-go (learned from personal experience).   

https://help.sunnyvalley.io/hc/en-us/articles/360025047373-Hardware-Requirements