Difference between revisions of "Talk:PFSense and OPNsense"
(→Customize the Login Page: new section) |
(→hosts (www.facebook.com, www.tiktok.com , www.discord.com ): new section) |
Line 16: | Line 16: | ||
Modify the following | Modify the following | ||
vi /usr/local/etc/inc/authgui.inc | vi /usr/local/etc/inc/authgui.inc | ||
+ | |||
+ | == hosts (www.facebook.com, www.tiktok.com , www.discord.com ) == | ||
+ | |||
+ | Some websites like digitalocean for example is actually behind cloudflares reverse proxy. If you have any website like this on your alias and it resolves cloudflares proxy IP. If these proxy IPs end up being blocked half of the internet will be broken for you. Plenty of sites use CDNs or have backend resources proxied by cloudflare. DNS based blockers are far better for your needs. | ||
+ | |||
+ | * https://old.reddit.com/r/PFSENSE/comments/12ifu1p/cant_get_a_simple_block_rule_to_work_for_all_the/ | ||
+ | |||
+ | The pfBlockerNG package (pfBlocker-NG Package) offers mechanisms which can be useful in this area, such as DNSBL, geographic IP address blocking, and automation of AS lookups. | ||
+ | |||
+ | * https://docs.netgate.com/pfsense/en/latest/recipes/block-websites.html |
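Review bot: the second sentence of the added paragraph ("If you have any website like this on your alias and it resolves cloudflares proxy IP.") is a conditional with no main clause, so the over-blocking failure it describes is split across two fragments; join it with the sentence that follows. The new heading lists www.facebook.com, www.tiktok.com and www.discord.com, but the paragraph only discusses digitalocean, so state how the warning applies to those three hosts. The two bare URL bullets would also read better with a short label saying which one is the Reddit thread and which is the Netgate recipe.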
Revision as of 22:29, 30 January 2024
WAN interface
There is no such thing as traffic going to a LAN address
An undocumented shortcoming: the firewall cannot understand traffic going to an internal address. Instead, the traffic goes to the public WAN IP.
You can't apply firewall rules on the WAN: they don't work.
Website sources for valuable information
- http://www.derman.com/blogs/Setting-Up-Blocking-Firewall-Rules
- https://doc.pfsense.org/index.php/Aliases
Customize the Login Page
Modify the following
vi /usr/local/etc/inc/authgui.inc
hosts (www.facebook.com, www.tiktok.com , www.discord.com )
Some websites, DigitalOcean for example, are actually behind Cloudflare's reverse proxy. If you have any website like this in your alias, it resolves to Cloudflare's proxy IPs, and if these proxy IPs end up being blocked, half of the internet will be broken for you. Plenty of sites use CDNs or have backend resources proxied by Cloudflare. DNS-based blockers are far better for your needs.
The pfBlockerNG package (pfBlocker-NG Package) offers mechanisms which can be useful in this area, such as DNSBL, geographic IP address blocking, and automation of AS lookups.
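The over-blocking risk described above can be checked before a hostname goes into an IP alias. The following is an added example, not part of the original notes or of pfSense/pfBlockerNG: it flags hosts whose addresses fall in shared proxy ranges and lists which other hosts would break with them. The range list is an assumed sample, and the hostnames and resolver output are constructed.

```python
import ipaddress

# Assumption: a small sample of shared reverse-proxy ranges; replace it with
# the CDN provider's current published list before relying on the result.
SHARED_PROXY_RANGES = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "198.41.128.0/17")]

# Constructed resolver output (hostname -> A records), not real lookups.
SAMPLE_RESOLUTIONS = {
    "proxied.example": ["104.18.20.5", "104.18.21.5"],
    "unrelated.example": ["104.18.20.5"],
    "mixed.example": ["172.67.10.9", "203.0.113.40"],
    "selfhosted.example": ["198.51.100.7"],
}

def shared_hits(addresses, ranges=SHARED_PROXY_RANGES):
    """Return the addresses that sit inside a shared proxy range."""
    return [a for a in addresses
            if any(ipaddress.ip_address(a) in net for net in ranges)]

def classify(resolutions):
    """Label each host: safe for an IP alias, or better handled by DNSBL."""
    return {host: ("use-dnsbl" if shared_hits(addrs) else "ip-alias-ok")
            for host, addrs in resolutions.items()}

def collateral(resolutions, blocked_host):
    """Hosts that share an address with blocked_host and break with it."""
    blocked = set(resolutions[blocked_host])
    return sorted(h for h, addrs in resolutions.items()
                  if h != blocked_host and blocked & set(addrs))

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE_RESOLUTIONS).items():
        others = collateral(SAMPLE_RESOLUTIONS, host)
        print(f"{host:20} {verdict:12} collateral={others}")
```

Hosts labelled `use-dnsbl` are the ones to move from the alias to a DNS-based block list such as pfBlockerNG's DNSBL.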