Hi,
have you considered using squidguard with the URL Blocklist shallalist.de?
I have one deployment with squid (not in transparent mode, using port TCP
3128), squidguard and HAVP and I can block about all social network traffic.
Carlos
On Tue, Mar 22, 2011 at 4:53 PM, Luke Jaeger
Hi !
Is it possible to configure pfSense as a subordinate CA ?
I'd like to use my Windows 2008R2 CA as the main CA and pfSense as a
subordinate CA.
When I import an existing certificate of a subordinate CA, I cannot choose this
ca, when creating new certs with pfsense... (it displays the ca then
2011/3/23 Carlos Vicente cjpvice...@gmail.com:
Hi,
have you considered using squidguard with the URL Blocklist shallalist.de?
I have one deployment with squid (not in transparent mode, using port TCP
3128), squidguard and HAVP and I can block about all social network traffic.
Carlos
On
I have done this. It only works with http, not https
Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org
On Mar 23, 2011, at 6:50 AM, Carlos Vicente wrote:
Hi,
have you considered using squidguard with the URL Blocklist
shallalist.de? I
On Tue, 2011-03-22 at 18:37 -0500, Gerald Waugh wrote:
Hi,
Server fw1 appears to be operating fine as we have many sites that we
can access through the server.
GUI and ssh accesses time out, and tried different locations.
We have a backup pfsense server fw2 which is connected via
On Wed, Mar 23, 2011 at 7:03 AM, Fuchs, Martin
martin.fu...@trendchiller.com wrote:
I’d like to use my Windows 2008R2 CA as the main CA and pfSense as a
subordinate CA.
When I import an existing certificate of a subordinate CA, I cannot choose
this ca, when creating new certs with pfsense… (it
On Wed, Mar 23, 2011 at 7:23 AM, Luke Jaeger ad...@pvpa.org wrote:
I have done this. It only works with http, not https
Are you sure?
Squid can not store in cache the content from https traffic; however,
you are still able to create ACLs to control the access to these
URIs.
Check out your
Yes, I'm sure - facebook.com is explicitly blocked in my squid
blacklist and the shallalist 'socialnet' category is blocked too in
squidguard. I also set up a firewall rule blocking any traffic on any
port to
66.220.147.0/24
66.220.149.0/24
66.220.153.0/24
69.63.176.0/24
69.63.181.0/24
-Original Message-
From: Luke Jaeger [mailto:ad...@pvpa.org]
Sent: Wednesday, March 23, 2011 8:59 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] can't block https://facebook.com via firefox
Yes, I'm sure - facebook.com is explicitly blocked in my squid blacklist
and the
The way those in general work (not sure on Fortigate specifically)
is they MITM HTTPS as a proxy, you have to install a certificate
on all the clients that it uses so they trust the forged certs
it provides to the internal clients. There are two HTTPS
connections, one from client to the
Okay, I took a long hard look at all my rules and tightened them up -
I think it's working now. Will repost if the students figure out
another way around it.
Thanks everyone!
Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org
On Mar 23,
I think the best is to combine DNS and firewall rule.
Using something like OpenDNS for all the DNS inquiries on your network and
then set up a firewall rule so that only DNS inquiries are allowed to OpenDNS.
Then, go to OpenDNS to set your own blocking/allowing rule(s).
-Raylund
-Original
Is there a way to release all unused DHCP addresses without a reboot?
Can I do this by restarting the DHCP services? I have lowered the default and
maximum lease times. Any ideas?
From: Atkins, Dwane P [mailto:atki...@uthscsa.edu]
Sent: Wednesday, March 23, 2011 11:22 AM
To: 'support@pfsense.com'
Subject: [pfSense Support] Release all unused DHCP leases.
Is
-Original Message-
From: Raylund Lai [mailto:raylund@kankanwoo.com]
Sent: Wednesday, March 23, 2011 11:14 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] can't block https://facebook.com via firefox
I think the best is to combine DNS and firewall rule.
Using something
Could you explain, please, what you mean by ‘release all unused DHCP addresses’?
Once you’ve changed DHCP server parameters, nothing actually changes until the
client next renews its lease, so what I think you’re after… is an automatic
process that takes up to 2*previous-max-lease-time. You
So is there no way to edit and get rid of all offline leases that have not
reached their max lease time?
Thank you,
Dwane
From: Adam Thompson [mailto:athom...@athompso.net]
Sent: Wednesday, March 23, 2011 12:47 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] RE: Release all unused
Offline leases in the pfSense interface are, I believe, merely a visual guide
to show you who last got that IP address. The “offline” part is what I’m not
100% sure about – if it just means the expiry date is past, or if the lease has
been released, or if the device isn’t responding to ARP…
Alberto Mijares amijar...@gmail.com wrote:
On Wed, Mar 23, 2011 at 7:23 AM, Luke Jaeger ad...@pvpa.org wrote:
I have done this. It only works with http, not https
Are you sure?
Squid can not store in cache the content from https traffic; however,
you are still able to create ACLs to
On Wed, Mar 23, 2011 at 2:56 PM, David Barbero s...@loquefaltaba.com wrote:
Alberto Mijares amijar...@gmail.com wrote:
Squid can not store in cache the content from https traffic; however,
you are still able to create ACLs to control the access to these
URIs.
Check out your ACL.
Yehuda Katz yeh...@ymkatz.net wrote:
On Wed, Mar 23, 2011 at 2:56 PM, David Barbero s...@loquefaltaba.com wrote:
Alberto Mijares amijar...@gmail.com wrote:
Squid can not store in cache the content from https traffic; however,
you are still able to create ACLs to control the access
2011/3/23 David Barbero s...@loquefaltaba.com:
Yehuda Katz yeh...@ymkatz.net wrote:
On Wed, Mar 23, 2011 at 2:56 PM, David Barbero
s...@loquefaltaba.com wrote:
Alberto Mijares amijar...@gmail.com wrote:
Squid can not store in cache the content from https traffic; however,
you are
2011/3/23 Michael Schuh michael.sc...@gmail.com:
2011/3/23 David Barbero s...@loquefaltaba.com:
Yehuda Katz yeh...@ymkatz.net wrote:
On Wed, Mar 23, 2011 at 2:56 PM, David Barbero
s...@loquefaltaba.com wrote:
Alberto Mijares amijar...@gmail.com wrote:
Squid can not store in cache
On Wed, Mar 23, 2011 at 5:14 PM, Michael Schuh michael.sc...@gmail.com wrote:
for a bit of fun:
put *.facebook.com into your dns-masquerader and lead him to the
internal IP of the firewall
or to 127.0.0.1 :D (* - www, or whatever else, I am not aware if the
dns-forwarder can match wildcards)
2011/3/23 Yehuda Katz yeh...@ymkatz.net:
On Wed, Mar 23, 2011 at 5:14 PM, Michael Schuh michael.sc...@gmail.com
wrote:
for a bit of fun:
put *.facebook.com into your dns-masquerader and lead him to the
internal IP of the firewall
or to 127.0.0.1 :D (* - www, or whatever else, I am not aware if