Difference between revisions of "PFSense and OPNsense"

From Free Knowledge Base- The DUCK Project: information for everyone
(blocking websites)
(blocking websites)
Line 13: Line 13:
 
Another option is finding all of a site's IP blocks, creating an alias with those networks, and blocking traffic to those destinations.
 
Another option is finding all of a site's IP blocks, creating an alias with those networks, and blocking traffic to those destinations.
  
blocking via WANs
+
=== BLOCKING DIRECTION ===
 +
 
 +
Consider that your machine are attempting to contact external sites as well as external hosts are trying to contact machines on your network.
 +
 
 +
(1) Stop machines from attempting to contact hosts on your network
  
 
Create rules that block connections via your WAN.   
 
Create rules that block connections via your WAN.   
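Review bot: the added heading "(1) Stop machines from attempting to contact hosts on your network" does not say which machines it means. The text under it creates rules on the WAN, so the heading should name external hosts, for example "Stop external hosts from contacting hosts on your network". The added introductory sentence also has an agreement error ("your machine are"); "your machines are attempting to contact external sites, and external hosts are trying to contact machines on your network" reads correctly.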
Line 24: Line 28:
 
# for Source: (Type: Single host or alias) and (Address: enter name of the URL alias which contains the IP addresses you want to block)
 
# for Source: (Type: Single host or alias) and (Address: enter name of the URL alias which contains the IP addresses you want to block)
 
# for Destination select any
 
# for Destination select any
 +
# enter a Description
 +
# Save and Apply Changes
 +
 +
(2) Stop hosts on your network from contacting blacklisted external hosts
 +
 +
To prevent hosts on your network from communicating with blacklisted hosts online you create rules that block outgoing connections from your LAN. For each alias URL and each LAN just create a new firewall rule.
 +
 +
# Firewall → Rules → LAN tab and press the upper-right + button
 +
# for Action, select Reject
 +
# for Interface, select LAN
 +
# for TCP/IP Version, select IPv4
 +
# for Protocol, select any
 +
# for Source select any
 +
# for Destination: (Type: select Single host or alias) and (Address: enter the name of the URL alias which contains the IP addresses you want to block)
 
# enter a Description
 
# enter a Description
 
# Save and Apply Changes
 
# Save and Apply Changes
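Review bot: the added section (2) steps fix "TCP/IP Version" to IPv4, so the LAN rule does not cover IPv6 traffic to the same sites; the text should say so, or add a matching IPv6 rule step if the alias can contain IPv6 addresses. The new steps also select Reject where the WAN procedure on this page selects Block, with no explanation of the difference; one sentence on why Reject is chosen for LAN clients would help readers pick the right action.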

Revision as of 12:16, 25 January 2016

blocking websites

(1) via dns:

If the built-in DNS Forwarder or DNS Resolver is in use, an override can be configured that resolves the website to be blocked to an invalid IP address.

(2) via firewall rule:

A hostname may be entered in a network alias, and then that alias may be applied to a block rule. This is not a feasible solution for sites that return low TTLs and spread the load across many servers.

Another option is finding all of a site's IP blocks, creating an alias with those networks, and blocking traffic to those destinations.

BLOCKING DIRECTION

Consider that traffic flows in both directions: your machines are attempting to contact external sites, and external hosts are trying to contact machines on your network.

(1) Stop external machines from attempting to contact hosts on your network

Create rules that block connections via your WAN.

  1. Firewall → Rules → WAN tab and press the upper-right + button
  2. for Action, select Block
  3. for Interface, select WAN
  4. for TCP/IP Version, select IPv4
  5. for Protocol, select any
  6. for Source: (Type: Single host or alias) and (Address: enter name of the URL alias which contains the IP addresses you want to block)
  7. for Destination select any
  8. enter a Description
  9. Save and Apply Changes

(2) Stop hosts on your network from contacting blacklisted external hosts

To prevent hosts on your network from communicating with blacklisted hosts online, create rules that block outgoing connections from your LAN. For each URL alias and each LAN, create a new firewall rule.

  1. Firewall → Rules → LAN tab and press the upper-right + button
  2. for Action, select Reject
  3. for Interface, select LAN
  4. for TCP/IP Version, select IPv4
  5. for Protocol, select any
  6. for Source select any
  7. for Destination: (Type: select Single host or alias) and (Address: enter the name of the URL alias which contains the IP addresses you want to block)
  8. enter a Description
  9. Save and Apply Changes
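
Both procedures depend on an alias that holds the IP addresses to block. The following Python sketch is an added example, not part of the original page: it cleans a raw address list into one entry per line, keeps only IPv4 to match the IPv4-only rules above, and refuses entries that overlap private or loopback ranges, so that a bad list cannot block your own LAN. The function name, the protected ranges, the sample data and the one-entry-per-line output format are assumptions.

```python
import ipaddress

# Constructed sample of a raw blocklist (documentation address ranges only).
SAMPLE = """\
# comment line
198.51.100.7
198.51.100.0/25
198.51.100.128/25
203.0.113.5 ; trailing note
192.168.1.0/24
2001:db8::1
not-an-ip
0.0.0.0/0
"""

# Ranges that must never end up in a block alias (assumed defaults).
PROTECTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")


def build_alias_entries(raw, protect=PROTECTED):
    """Return (entries, rejected): cleaned IPv4 entries and (token, reason) pairs."""
    protected = [ipaddress.ip_network(p) for p in protect]
    nets, rejected = [], []
    for line in raw.splitlines():
        # Strip "#" and ";" comments, then surrounding whitespace.
        token = line.split("#")[0].split(";")[0].strip()
        if not token:
            continue
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append((token, "not an address or network"))
            continue
        if net.version != 4:
            rejected.append((token, "not IPv4; the rules above select IPv4"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((token, "overlaps a protected range"))
        else:
            nets.append(net)
    # Merge adjacent networks and drop entries already covered by a larger one.
    collapsed = ipaddress.collapse_addresses(nets)
    entries = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in collapsed]
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = build_alias_entries(SAMPLE)
    print("\n".join(entries))
    for token, reason in rejected:
        print(f"rejected {token}: {reason}")
```

Review the rejected list before publishing the cleaned file: an entry such as `0.0.0.0/0` in a source list usually means the list is broken or has been tampered with.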