Since this is a DNS forwarder running locally, I have a firewall rule to block port 53 requests except those that come from nxfilter, so everyone is locked into the filter. Since there was no configuration on the client side, it was a joy to see it “just work”.

As a proof of concept, I installed nxfilter on pfSense (this way it replaces DNSmasq). I haven’t done any of the work to package this for pfSense; right now I just did the work to prove nxfilter can run on the pfSense box. The biggest thing that stopped me from moving any further than a simple proof of concept is the fact that nxfilter is a Java application.
I’m not sure it’s a good idea to run Java on my production firewall in the first place. However, since pfSense 2.1.5 is using FreeBSD 8.3, the only Java package I could find was a VERY old package. If running Java on the firewall makes me a little nervous, running an old version is a non-starter. If this goes anywhere, getting a current version of Java will be a requirement (and having some way to update it). Maybe, when pfSense 2.2 is released and we have access to FreeBSD 10.1, it will make more sense to look into running nxfilter as the DNS forwarder on the pfSense box.

If anyone is interested in this, below are the steps I followed to install this.

- Download the code in the zip file from.
- After the packages are loaded, test Java by running ‘java -version’.
- Nxfilter needs port 80 on the box so it can show the block web page without any setup on the client side. Also, turn on “Disable webConfigurator redirect rule”.
- Change the pfSense Web UI to use port 444 (or any other port you choose).
- Turn off DNSmasq or any other DNS server you are running on the pfSense box.
- Bind nxfilter to only the LAN interface (you don’t want this on the WAN interface).
- Change the permission on the scripts so they are executable.
- Copy the nxfilter.zip file to the /nxfilter directory.
- Create the nxfilter installation directory.

You can bind NxFilter to a specific IP address using the 'listen_ip' parameter in the '/nxfilter/conf/cfg.properties' file.
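One way to confirm the LAN-only binding from the steps above is to audit 'listen_ip' in cfg.properties with a small POSIX sh check; this is an added example, not part of the original post. The LAN address 192.168.1.1, the treatment of a missing key or 0.0.0.0 as "all interfaces", the return codes and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NxFilter's listen_ip against the expected LAN address.
# Return codes (chosen for this example): 0 = matches the LAN address,
# 1 = unreadable file, or listen_ip missing/empty/0.0.0.0 (assumed wildcard),
# 2 = bound to some other address (for instance a WAN address).

# Print the last value assigned to key $2 in properties file $1.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            line = $0; sub(/\r$/, "", line)    # tolerate CRLF files
            pos = index(line, "="); if (pos == 0) next
            k = substr(line, 1, pos - 1); v = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# $1 = path to cfg.properties, $2 = LAN address the filter should listen on.
check_listen_ip() {
    [ -n "$2" ] || { echo "usage: check_listen_ip FILE LAN_IP" >&2; return 1; }
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    ip=$(get_prop "$1" listen_ip)
    case "$ip" in
        "$2")       echo "OK: listen_ip=$ip"; return 0 ;;
        ""|0.0.0.0) echo "FAIL: listen_ip unset or wildcard in $1"; return 1 ;;
        *)          echo "FAIL: listen_ip=$ip, expected $2"; return 2 ;;
    esac
}

# Constructed sample configs so the check runs without an NxFilter install.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '# constructed sample\nlisten_ip = 192.168.1.1\n' > "$demo_dir/good.properties"
printf 'listen_ip = 0.0.0.0\n'                          > "$demo_dir/wild.properties"
printf '#listen_ip = 192.168.1.1\nexample_key = 1\n'    > "$demo_dir/unset.properties"
printf 'listen_ip=203.0.113.7\r\n'                      > "$demo_dir/wan.properties"

for f in good wild unset wan; do
    check_listen_ip "$demo_dir/$f.properties" 192.168.1.1 || echo "  -> return code $?"
done
```

On the firewall itself, the call would be `check_listen_ip /nxfilter/conf/cfg.properties <LAN address>`.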