Meh - you have to monitor any block list. For reference though, beyond using a UTM to block (which isn’t all that great in our mobile device era) you can use a proxy on-site (same mobility issue but leaves the Unifi gear to do what it’s great at), there are some antivirus products that include content filtering (Bitdefender Gravity Zone for example), and there are DNS based products like the aforementioned Umbrella and Webroot (these can suffer the same problem as a UTM or proxy unless you use the agents on endpoints that are mobile). If your provider is using Cisco Umbrella (the commercial version of OpenDNS) then that is usually enough to do some content filtering (although they like to remind their partner service providers that they are primarily a layer of malware/phishing defense and that they shouldn’t be considered the primary content filter).

That being said, the Unifi USG line will have more UTM features added during 2019, but you would probably need an XG or maybe Pro to keep enough throughput without the hardware acceleration. I regularly use it on P2P but it’s not one of those UTMs or proxy devices that uses a middle SSL certificate.

At the moment the solution that is implemented for NethServer for filtering online content is SquidGuard.

For the record, Unifi routers do currently have some rudimentary ability to block some traffic/sites based on DPI.

With squidguard you can add several blocklists so your users are ensured of a safe(er) internet experience.

Another option would be to use NxFilter instead of squidguard. uses this option on a separate server in his educational environment.

- Who wants to try and install NxFilter on NethServer and document this in a Howto topic?
- Can SquidGuard be replaced by NxFilter on NethServer? (or better: can you choose to use NxFilter instead of SquidGuard)
- Differences between NxFilter and SquidGuard.

I would like to explore the option to get NxFilter integrated in NethServer.
I found an install howto for CentOS 7, but that howto uses an old repository to download the NxFilter RPMs. The latest packages can be found here: RPMs are available from a 3rd party repository:

Also that howto mentions opening ports in the firewall. We need to adapt those commands to the ‘NethServer way’ of adding services and opening ports.

Also, NxFilter is a java application. Maybe we can re-use parts of those modules (for instance installing openjdk); we already have a few java based modules.

Thanks for setting up this feature discussion. I have used squid and web proxies in the past but moved to DNS filtering as I found it a more reliable way to categorise and block sites. I did actually install it on a clean NethServer today. It is fairly trivial using the RPMs IF you install (eg) webtop first - thanks to the webtop_team who have covered the installation of java etc dependencies. I disabled NethServer dnsmasq, changed the nxfilter GUI ports and adjusted the firewall etc. The next step was to re-instate DHCP services, yet, by then, I realised a better solution would be to install in a container: That, again, was reasonably trivial to install with nethserver-docker (portainer). This way, NethServer is intact and its DNS is simply pointed at the filter. This project can then likely wait for Portainer to be more production ready.