Back to OPNsense but not for sure

Started by hemin, December 25, 2021, 10:35:25 AM

Hello,

Coming from business firewalls at my work (Forti, Sonic, etc...) I tried to move the perimeter security of my house to something like enterprise firewalls at the minimum cost possible.

Over the last 2 years I went from MikroTik to OPNsense to Sophos to OPNsense and to pfSense.
I migrated from MK to OPNsense because I want a "real" UTM firewall on my home network, but OPNsense lacks the possibility to apply a webfilter by source. Then I discovered a free full version of Sophos SG for home users. After some months: Sophos has all the filters, IPS, etc. out of the box, but its management is terribly slow, and it lacks things like WireGuard, so I went back to OPNsense. I found a webfilter plugin ported from squidward, but it has not been updated for the last 2 years, has many limitations, and the blocked page redirects to the Portuguese developers.
Finally I migrated to pfSense. It has all I want but... it is half working: squid has many problems with transparent proxy and HTTPS (OPNsense is more "transparent"), and the GUI is not as polished as OPNsense's.

I'm going to migrate to OPNsense again, but I want to know if there is a way, or if it's planned (for example a squidguard plugin), to use a transparent proxy webfilter by source. I want to have all my home network protected from malicious sites and block adult sites for my son (Yes, I don't want to block porn for myself :D )

How do you solve this "problem"?


Yes, this plugin is only for user ACL, not IP ACL (if something has not changed); authentication in general is not a common practice on home networks.

Searched many times and always got 2 posts, one from the Brazilian discontinued plugin, and the other with the same question:

https://forum.opnsense.org/index.php?topic=8695.0

There's a solution; sadly there's no GUI yet, so if you don't mind, here's a couple of posts you can reference.
https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.

Quote from: Amr on December 28, 2021, 08:51:02 AM
There's a solution; sadly there's no GUI yet, so if you don't mind, here's a couple of posts you can reference.
https://forum.opnsense.org/index.php?topic=24388.msg117029#msg117029

Thanks for your answer Amr, I have followed some examples; this is the most useful one that I found to do it with categories:
https://www.sbarjatiya.com/notes_wiki/index.php/Configuring_squid_to_block_websites_based_on_categories
But sometimes I get a descriptive error that I can solve, and sometimes I only get an error without any description (reloading the squid service). Do you know where is the path of squid logs?

I think this will be an easy way to implement source-based ACLs in the GUI; this is a basic feature which is very useful.

Thanks

Quote: do you know where is the path of squid logs
/var/log/squid/