Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
General newbie OPNsense configuration questions
« previous
next »
Print
Pages: [
1
]
Author
Topic: General newbie OPNsense configuration questions (Read 701 times)
ibrewster
Newbie
Posts: 23
Karma: 0
General newbie OPNsense configuration questions
«
on:
October 27, 2023, 05:44:48 pm »
I've been working on setting up a new install of OPNsense, and I have a couple of questions about the config
1) One of the features I'm wanting to make use of in OPNsense is the content filtering. Looking at the various options provided, it looks like there are three "levels" of filtering available:
- The filter results via OpenDNS option
- DNSBL options for the unbound resolver
- Web proxy blacklist filtering
Does it make sense to enable more than one of these options? That is, would using the DNSBL option in unbound make filtering queries via OpenDNS redundant? And if I am using the DNSBL, is there any point to using the web proxy filtering as well?
2) Pretty much every website these days is HTTPS. If I were to set up the web proxy, I would want to set it up in a transparent fashion that doesn't require changes on the client side (I don't want to have to re-configure my friends/families computers whenever they come to visit...), so while it could proxy SSL, it wouldn't be decrypting the traffic. As such, is there any point to running the web proxy if filtering is handled via unbound? For unencrypted traffic, the proxy can do caching, which provides a benefit there, but can it cache SSL traffic without decrypting it?
3) It looks like a lot of the performance options are disabled by default. For example, to my understanding turning on forwarding in the unbound DNS resolver can potentially speed up DNS queries noticeably, but it is off by default. Is there any reason I *wouldn't* want to enable the following options in unbound:
- Query Forwarding
- Prefetch DNS Key Support (there is a note that it will increase CPU usage, but I have a quad-core 3.4GHz i7, so I'm thinking that's plenty of CPU?)
- Prefetch Support
4) Along the same lines as #3, are there any other options that are disabled by default that it would make sense to enable for best performance?
Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
General newbie OPNsense configuration questions