Opnsense and pfblocker alternative

Started by newbee, July 18, 2021, 06:32:47 PM

Hi

Yes, I have read so much, it's been weeks, over-googled the subject; reading old posts does not help as OPNsense might do it. 2021: what should we do? Yes, this pfBlockerNG keeps me back. I have tried to understand it and I get the "install both and find out" philosophy. Instead I feel there should be a clear understanding for newbies. I would love you pros to impart a setup that equals the security that pfBlockerNG adds. I don't even know what I will be missing. But this should not be a reason for me to avoid OPNsense.

Separate VMs running other software to compensate is fine. If plugins use higher resources, is it worth it vs. using "x"? Or just use OPNsense for everything, then use pfSense for pfBlockerNG. There is no way that OPNsense is a lesser product, as I'm sure you are all serious about security. Why does this pfBlockerNG seem like an overly complicated dilemma? Just feel it could be negated with clear wisdom. What OPNsense already does that pfSense does doesn't need to be covered. I'm sure there are many options; let's open it clearly.

Did you have a look at GeoIP alias?
Did you have a look at Unbound blacklists?
What else do you miss?

I know it's stupid, as am I for asking. I wouldn't even know.

Thank you for the time to reply on a Sunday.

There just seems to be a wave of topics out there which make newcomers to OPNsense feel that pfBlockerNG "wins" the choice. I feel it doesn't. Would you install pihole, sensei or dnscrypt, proxy or use IPS?



Quote from: newbee on July 18, 2021, 09:42:26 PM
Would you install pihole, sensei or dnscrypt, proxy or use IPS?

Pihole: in theory you can block domains as well directly on OPNsense. There are plugins to download blacklists.

Sensei: That is a DPI engine for protocol, payload and service inspection. You can install it if you like and think you need it. You should know that it has some higher hardware requirements.

DNSCrypt is for, I don't know, DoH or DoT. It can filter domains in DNS as well.


IPS is based on the Suricata engine. Its main purpose is filtering malicious traffic, but since more and more traffic is encrypted by TLS, it will be harder to find anything.


OK, sounds reassuring. I don't mind any tech overhead, not interested in easier or harder. That's just lazy talk. I'm installed, will set up in the morning, now comfortable here, start learning.

Why OPNsense?
1. In the UK we are so advanced and ahead of the world that in October 2021 I will finally be able to connect to 1GB sym fibre, that's not a typo, 1GB! (currently @ 60/15). Leaving the rest of the world in my dust? (total joke of corrupt infrastructure). So new hardware and homelab.
2. You let me ask a broad and empty question without attacks and helped. That's a friendly community.
3. Docs are clear.
4. Less updates.
5. HardBSD
6. Great feature set
7. Less commercial, gives me peace of mind. Nice attitude, you do it for fun. Best work comes when you have that passion. Your passion is protecting my data.
8. Yes, UI in this age is nice, clean for the eyes. No-brainer. If I want plain and simple I would be in terminal? Not too hard to paint some CSS or Bootstrap?

X. Hate politics, so it pains me to mention and bring up old nonsense, but it is a point. Certainly in open source. Whole point of open source is to be open and fork away. You don't need to reason it. It is your right to use your time to create what you want. Then to share your time for free? Thank you m0n0wall > pfSense > OPNsense and the next guy who has some sense to fork ;) So I find the sourness less attractive, don't care about who did what or why, as above for why.