Talk:PFSense and OPNsense

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 22:29, 30 January 2024 by Admin (Talk | contribs)

Jump to: navigation, search

WAN interface

There is no such thing as traffic going to a LAN address

an undocumented shortcoming, the firewall cannot understand traffic going to an internal address. Instead the traffic goes to the public WAN IP

you can't apply firewall rules on the WAN: they don't work

website sources for valuable information

Customize the Login Page

Modify the following

vi /usr/local/etc/inc/authgui.inc

hosts (www.facebook.com, www.tiktok.com , www.discord.com )

Some websites like digitalocean for example is actually behind cloudflares reverse proxy. If you have any website like this on your alias and it resolves cloudflares proxy IP. If these proxy IPs end up being blocked half of the internet will be broken for you. Plenty of sites use CDNs or have backend resources proxied by cloudflare. DNS based blockers are far better for your needs.

The pfBlockerNG package (pfBlocker-NG Package) offers mechanisms which can be useful in this area, such as DNSBL, geographic IP address blocking, and automation of AS lookups.