So dumb to just run a separate adblocking dns server, but that's what I did. For some reason, dns resolution would hang randomly from time to time when I was using pfblocker, got sick of debugging it. Before this, I was using pfblocker for pretty much everything on all my networks, and set up a pihole server in a VM on my freenas box. My pfsense memory usage has come way down, and it feels snappier while browsing. So I have disabled the pfSense resolver (unbound) and pfBlocker and am only using nxfilter for dns.

Raspberry Pi Home Server - NxFilter Tutorial - YouTube

Then I found this vid on YouTube for a quick tutorial on setting it up:

GitHub - DeepWoods/nxfilter-pfsense: NxFilter install on pfSense

But on my own private network I just want ad-blocking only, and I can do this easily with NxFilter. So I have them on their own vlan, and I block all kinds of stuff for their network. I have my kids home doing school full time now thanks to covid. I wanted to have better policy based dns blocking per network.

Nxfilter is also another amazing DNS filtering solution, but it isn’t nearly as plug and play as either piHole or pfBlocker NG on pfSense. I found a better solution for myself, and stopped using pfblockerng. I’d love something with the ease of use of piHole but the flexibility of pfBlocker NG on pfSense.

Some of us are in environments with extremely tight funding; having something that requires a bit more finesse (but not that much more, really) is better than not having anything. If you want a true appliance with a seamless user experience then sure the commercial solutions will offer that - for a cost. Linux knowledge is absolutely not needed, no more than me needing to know Linux because my Tivo happens to run it under the covers. I’ve been messing with block lists from various vendors since the 90’s (surf control super scout anyone?) and none are “fire and forget”. Aside from dropping to the command line to update the piHole software itself, everything else is done from inside the GUI. Meh - you have to monitor any block list.

For reference though, beyond using a UTM to block (which isn’t all that great in our mobile device era) you can use a proxy on-site (same mobility issue but leaves the Unifi gear to do what it’s great at), there are some antivirus products that include content filtering (Bitdefender Gravity Zone for example), and there are DNS based products like the aforementioned Umbrella and Webroot (these can suffer the same problem as a UTM or proxy unless you use the agents on endpoints that are mobile). If your provider is using Cisco Umbrella (the commercial version of OpenDNS) then that is usually enough to do some content filtering (although they like to remind their partner service providers that they are primarily a layer of malware/phishing defense and that they shouldn’t be considered the primary content filter). That being said, the Unifi USG line will have more UTM features added during 2019, but you would probably need an XG or maybe Pro to keep enough throughput without the hardware acceleration. I regularly use it on P2P but it’s not one of those UTMs or proxy devices that uses a middle SSL certificate. For the record, Unifi routers do currently have some rudimentary ability to block some traffic/sites based on DPI.