On Tue 09 May 2017 23:14:37 NZST +1200, José Gregorio Díaz Unda wrote: > It looks like I should use PFS only as a firewall and DNS resolver, and > setup independently DHCP and Squid.
The DHCP server in pfsense is very good. With squid and squidguard I am less than impressed. It is more secure to run a web proxy on a different host than the firewall. If you want MITM filtering, pfsense is probably the easiest to set up because theoretically it's only a few clicks. I think there was a package for getting letsencrypt certs, if you trust them, you don't then need to import certs into all your clients. > May be Squid/Squidguard in a "solo-mode" are less complex to setup to > filter SSL. Or I should find a different alternative for Proxy/SSLFiltering. The best choice depends on what you want. The pfsense squidguard interface is not a time saver, some short strategic scripts in your own setup will probably be way faster in the long run. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold