OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of bmilton »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - bmilton

Pages: [1]
1
General Discussion / Re: network enforced safe search with IP exclusions
« on: October 23, 2023, 11:19:41 pm »
I installed AdGuard and set it up for an alternate port 65535 since I was already running Unbound DNS.
Added a Query Forwarding rule in Unbound to forward to that port.

I can see traffic is flowing through AdGuard and I'm getting lots of cool details on the Adguard dashboard.
Thing is all of the traffic that hits adguard is coming from the same internal IP 192.168.1.1 (My LAN interface).

I see where I can add persistent clients in adguard with custom safesearch rules, but if I add a specific device IP here it gets ignored because all of the traffic is associated with the single IP 192.168.1.1

The runtime clients list shows individual device IPs but requests are all associated with the LAN interface.

Not sure how to get Adguard to see the requests as coming from individual devices.  I even tried putting one device on a separate interface with a different IP range.  That device is listed as 192.168.200.10 shows up in the adguard runtime list but the traffic requests are still associated with my LAN interface 192.168.1.1.

2
General Discussion / Re: network enforced safe search with IP exclusions
« on: October 21, 2023, 03:52:11 pm »
I'm talking about this...

https://docs.opnsense.org/manual/unbound.html

"Enable SafeSearch: Force the usage of SafeSearch on Google, DuckDuckGo, Bing, Qwant, PixaBay and YouTube."
   
https://www.zenarmor.com/docs/network-security-tutorials/what-is-safe-search

"The Safe Search option is typically enabled for each user or endpoint. However, Zenarmor lets you turn on Safe Search Enforcement for each policy for every network user. This functionality is perfect for school networks where Safe Search is off by default for faculty and staff members but enabled by default for students. With the help of this capability, IT departments may effectively and globally manage Safe Search on the network"

3
General Discussion / network enforced safe search with IP exclusions
« on: October 20, 2023, 11:42:57 pm »
Does anyone know if there is a way to force safe search on the whole network while being able to exclude specific IPs from enforcing it?

I've used the Unbound DNS Blocklist safesearch implementation which seems to be all or nothing.

Was looking at Zen Armor free edition which doesn't support Safe Search.  The paid edition does, but then I don't see any indication that it's not also an all or nothing setup.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2