
    locking down network

    IT Discussion
    ubnt edgeos edgerouter ubiquiti networking opendns dns security
    • Dashrender @JaredBusch

      @JaredBusch said in locking down network:

      And the answer is yes. How do you think Cloudflare works.

      MS requires all kinds of stupid things because of AD.

      I don't understand this - Cloudflare is the DNS host for most of those it's protecting, if not all.... Soooo not sure where you're getting at?

      • mroth911

        So basically I am helping with my church/school; they need to connect to the Apple/Android store and YouTube, but have social media sites, P2P networks and anything inappropriate for K-12 locked down.

        So OpenDNS is doing the trick for now. However, there is no cherry picking, and certain users need the ability to connect to Facebook as well, posting via webpage what is going on in school, etc.

        That's the situation at hand.

        They received a letter that someone on the network was downloading from BitTorrent, and it broke digital media anti-piracy law, etc. So they are naturally freaking out.

        This is something I want to set up and walk away. I am just doing this to help them.

        • black3dynamite @mroth911

          @mroth911 said in locking down network:

          So basically I am helping with my church/school; they need to connect to the Apple/Android store and YouTube, but have social media sites, P2P networks and anything inappropriate for K-12 locked down.

          So OpenDNS is doing the trick for now. However, there is no cherry picking, and certain users need the ability to connect to Facebook as well, posting via webpage what is going on in school, etc.

          That's the situation at hand.

          They received a letter that someone on the network was downloading from BitTorrent, and it broke digital media anti-piracy law, etc. So they are naturally freaking out.

          This is something I want to set up and walk away. I am just doing this to help them.

          Once you have set up pi-hole, go to this site:
          https://github.com/StevenBlack/hosts#list-of-all-hosts-file-variants

          He provides a list of social media sites to block.

          If you must, you can set up squid and squidguard and then use the Shalla Blacklist to block whatever sites you prefer.
          http://www.shallalist.de/categories.html

          And if a web GUI is necessary, pfSense makes it pretty easy to configure.
          https://www.netgate.com/docs/pfsense/cache-proxy/squidguard-package.html

          • IRJ @mroth911

            @mroth911 said in locking down network:

            That's the situation at hand.

            This is something I want to set up and walk away. I am just doing this to help them.

            If only it was possible...

            • Dashrender @mroth911

              @mroth911 said in locking down network:

              So basically I am helping with my church/school; they need to connect to the Apple/Android store and YouTube, but have social media sites, P2P networks and anything inappropriate for K-12 locked down.

              So OpenDNS is doing the trick for now. However, there is no cherry picking, and certain users need the ability to connect to Facebook as well, posting via webpage what is going on in school, etc.

              That's the situation at hand.

              They received a letter that someone on the network was downloading from BitTorrent, and it broke digital media anti-piracy law, etc. So they are naturally freaking out.

              This is something I want to set up and walk away. I am just doing this to help them.

              Blocking BitTorrent without an application-level firewall isn't that easy. Talking to the tracker happens via DNS, but talking to the other clients normally is just via IP address.

              You could block all non-needed outbound ports - but again, I think BitTorrent can work over port 80 and 443, so not really that helpful.

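
The last reply's point, that peer traffic goes straight to IP addresses and may use ports 80 and 443, means a DNS filter such as OpenDNS or pi-hole never sees it; comparing resolver answers with outbound flows is one way to spot the hosts involved. This is an added example, not code from anyone in the thread; the log tuple formats, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the thread).
# DNS answers seen by the resolver: (client_ip, queried_name, answer_ip)
DNS_ANSWERS = [
    ("10.0.0.21", "www.youtube.com", "203.0.113.10"),
    ("10.0.0.21", "apps.apple.com", "203.0.113.20"),
    ("10.0.0.37", "tracker.example.org", "198.51.100.5"),
]
# Outbound flows seen at the router: (client_ip, dst_ip, dst_port)
FLOWS = [
    ("10.0.0.21", "203.0.113.10", 443),
    ("10.0.0.21", "203.0.113.20", 443),
    ("10.0.0.37", "198.51.100.5", 80),     # tracker, resolved via DNS
    ("10.0.0.37", "192.0.2.11", 51413),    # peers, never resolved
    ("10.0.0.37", "192.0.2.12", 443),
    ("10.0.0.37", "192.0.2.13", 80),
    ("10.0.0.37", "192.0.2.14", 6881),
]

def unresolved_peers(dns_answers, flows):
    """Map each client to the destination IPs it contacted with no DNS answer for them."""
    resolved = defaultdict(set)
    for client, _name, ip in dns_answers:
        resolved[client].add(ip)
    direct = defaultdict(set)
    for client, dst, _port in flows:
        if dst not in resolved[client]:
            direct[client].add(dst)
    return direct

def flag_p2p_like(dns_answers, flows, min_peers=3, min_ratio=0.5):
    """Flag clients with many distinct direct-to-IP destinations, whatever the port."""
    direct = unresolved_peers(dns_answers, flows)
    totals = defaultdict(set)
    for client, dst, _port in flows:
        totals[client].add(dst)
    flagged = {}
    for client, peers in direct.items():
        ratio = len(peers) / len(totals[client])
        # Thresholds are illustrative assumptions; tune them against real traffic.
        if len(peers) >= min_peers and ratio >= min_ratio:
            flagged[client] = sorted(peers)
    return flagged

if __name__ == "__main__":
    for client, peers in flag_p2p_like(DNS_ANSWERS, FLOWS).items():
        print(f"{client}: {len(peers)} destinations contacted without DNS: {peers}")
```

The port is deliberately ignored in the decision, so peers reached on 80 or 443 count the same as those on high ports.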