Filtering DNS and HTTPS Traffic on pfSense
This tutorial will describe how to implement DNS and web filtering of HTTPS traffic (including decryption and sslbump) within a small home or office network protected using pfSense firewall by adding together Squid Proxy, DNS Safety filter and Web Safety ICAP based web filter.
All components of this network will be managed using admin friendly browser based user interface with minimal manual configuration. Hopefully this tutorial will be useful for casual network administrators wishing to quickly deploy and configure reasonably safe home/small office network with advertisement blocking, safe browsing and adult only contents protection.
Network Structure
This tutorial assumes the following simple network structure. We have several network workstations, wi-fi access point and several wireless clients as well as multimedia devices like Microsoft X-Box, Apple TV etc. Our goal is to provide filtered access to web sites, block excessive ads and prevent access to adult only content.
We will start with configuring our pfSense firewall on the next step.