The biggest thing that stopped me from moving any further than a simple proof of concept is the fact that nxfilter is a java application. I haven’t done any of the work to package this for pfsense, right now I just did the work to prove nxfilter can run on the pfsense box. Since there was no configuration on the client side, it was a joy to see it “just work”.Īs a proof of concept, I installed nxfilter on pfsense (this way it replaces DNSmasq). Since this is a DNS forwarded running locally, I have a firewall rule to block port 53 requests except those that come from nxfilter, so everyone is locked into the filter.
These are the only deficiencies I currently see verses the proxy filtering. If it is a problem there might be an option to use pfblocker somehow (it's just an idea floating around in my head, I haven't thought it through). However, I didn’t spend much time on this, so it needs more testing. I tried that with a few websites and it didn’t work very well. I’m not sure the kids can really use direct IP addresses. Second, if the kids can enter the IP address directly, of course the DNS filter won’t help. Relying on SafeSearch is our only option here. So, you either allow a site, or you block a site, but you can’t filter part of a site (or stop the kids from searching about bypassing DNS filtering). First, you can’t filter based on key words. Of course, since it is DNS filtering there are a few features that you loose. Jahastech has done a great job and I think this product could benefit a lot of families. It has most of the features offered with the proxy filters, but since it’s all done with DNS there is no problem with SSL, as well as no configuration needed on the clients. The best free filtering DNS forwarder that I’ve found is nxfilter (Jahastech has done some wonderful work with this product. So, this led me to try filtering with DNS. Also, Google has blocked SSLbumping if you use the Chrome browser, plus a few other issues with the SSlbump. I want to teach my family members about SSL and the things they should look at to make sure they are secure (especially when doing any banking). It worked, but I’m not very comfortable with the SSLbump. However, with more and more sites using SSL you have to use the SSLbump feature (essentially a man in the middle attack). Thanks to the wonderful pfSense project, I first tried Squid with DansGuardian and Squid Guard.
I’m not running a school, library, or any public facility – my use is just a filter for my family. I have been looking for a good web filter for my family.
0 kommentar(er)
