[Webfiltering] Many options - which one is the best? Which are redundant?

Started by hbc, February 28, 2019, 08:32:09 AM

Hi all!

Since OPNsense provides many possibilities to filter traffic, I wonder which method is the best, the least performance-consuming, and maybe the most user-friendly one. I do not think that you have to use every method, because the filtering lists/results may be redundant.

Filtering methods:

  • Firewall and blocklist as URL Table (applies to every traffic)
  • Squid proxy with remote ACL (applies to proxied webtraffic)
  • Bind and DNSBL/RPZ (applies to FQDN)
  • OpenDNS (applies to FQDN)
  • Suricata IPS (applies to every traffic)
  • Sensei (applies to every traffic)

The first question is the layer/order/time at which a method is applied. When I already block at DNS, then clients will not request the resource, and neither the firewall, Squid, the IPS nor Sensei will have to handle anything. But in this case, e.g. when a web resource has been requested, the user will not know why his request fails. If I had blocked via Squid/Sensei, at least an info page would have been shown.
DNS blocking will not help if direct IPs are accessed. Damn! The more I think about it, you have to use at least some combination to block everything.

What would you suggest to successfully block, for example, adware and trackers?

Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
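To make the layering question concrete, here is a small added example (my own illustration, not code from the original post or from OPNsense) that feeds one adware/tracker blocklist in hosts-file format into two of the layers listed above: a BIND RPZ zone and a Squid dstdomain ACL file. It also shows the gap the post describes: a check that a request by raw IP literal is never seen by the DNS layer. The blocklist content, the hostnames and the zone origin `rpz.local` are all constructed for the example.

```python
import ipaddress
import re
from typing import Iterable, List

# Constructed sample blocklist in hosts-file format, the format most public
# adware/tracker lists use. Every hostname below is made up for this example.
SAMPLE_HOSTS_LIST = """\
# example adware/tracker list (constructed sample, not a real feed)
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net   # mixed case and trailing comment
0.0.0.0 cdn.ads.example.com   # already covered by ads.example.com
0.0.0.0 ads.example.com       # duplicate
0.0.0.0 not_a_valid-host.example
"""

# Hostname: at least two labels of [a-z0-9-], no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "local"}


def _is_ip_literal(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def parse_hosts_list(text: str) -> List[str]:
    """Extract unique, valid hostnames (in file order) from hosts-file text."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        parts = line.split()
        if len(parts) < 2:                         # need "<ip> <name...>"
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if (name in LOCAL_NAMES or _is_ip_literal(name)
                    or not HOSTNAME_RE.match(name) or name in seen):
                continue
            seen.add(name)
            out.append(name)
    return out


def collapse_subdomains(domains: Iterable[str]) -> List[str]:
    """Drop names whose parent is already listed: the RPZ wildcard and the
    Squid leading-dot form both cover subdomains, so keeping them is redundant."""
    names = list(domains)
    listed = set(names)
    result = []
    for d in names:
        labels = d.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not (parents & listed):
            result.append(d)
    return result


def to_rpz_zone(domains: Iterable[str], origin: str = "rpz.local", serial: int = 1) -> str:
    """Render an RPZ zone for BIND. 'CNAME .' makes the resolver answer NXDOMAIN
    for the name and, via the wildcard record, for every subdomain."""
    lines = [
        "$TTL 300",
        f"$ORIGIN {origin}.",                       # origin is an assumption
        f"@ IN SOA localhost. hostmaster.localhost. ({serial} 3600 900 604800 300)",
        "@ IN NS localhost.",
    ]
    for d in domains:
        lines.append(f"{d} CNAME .")
        lines.append(f"*.{d} CNAME .")
    return "\n".join(lines) + "\n"


def to_squid_dstdomain(domains: Iterable[str]) -> str:
    """One entry per line for 'acl blocked dstdomain "/path/to/file"';
    the leading dot makes Squid match the domain and all its subdomains."""
    return "".join(f".{d}\n" for d in domains)


def blocked_at_dns_layer(request_host: str, domains: Iterable[str]) -> bool:
    """Would the RPZ built from `domains` stop a request to request_host?
    A raw IP literal never goes through the resolver, so the DNS layer
    cannot catch direct-IP access; only the firewall, proxy or IPS can."""
    if _is_ip_literal(request_host.strip("[]")):
        return False
    labels = request_host.lower().rstrip(".").split(".")
    listed = set(domains)
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


if __name__ == "__main__":
    names = collapse_subdomains(parse_hosts_list(SAMPLE_HOSTS_LIST))
    print(to_rpz_zone(names))
    print(to_squid_dstdomain(names))
    for host in ("cdn.ads.example.com", "203.0.113.10"):
        print(host, "blocked at DNS layer:", blocked_at_dns_layer(host, names))
```

The same parsed list drives both outputs, which is the point about redundancy: a domain in the RPZ zone and in the Squid ACL is blocked twice, and the proxy only gets to show its info page for requests the resolver has not already refused. The direct-IP case is the one neither of these two layers catches.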

Hi hbc,

Did you finally get a good overview of the use of the different filtering methods?
What's YOUR best practice for implementing robust and versatile filtering in OPNsense?

I have used OPNsense for many years, but now I also need to implement small-business-grade filtering, which started to trigger the exact same questions in me.  :-\

Thanks, Paul

PS: feel free to PM me in German  ;)