The use of Squid as a proxy and content filter in pfSense software was, for many years, a widely adopted solution by network administrators. However, recent changes in pfSense software maintenance have brought an important warning to those who still depend on this technology: Squid is officially discontinued . Netgate, the company responsible for pfSense software, not only ended support for Squid but also recommends its immediate removal , citing serious security and stability risks.
This content aims to inform pfSense software users about the dangers of keeping Squid in production, explain the reasons behind its discontinuation, and present more modern and secure alternatives for internet access control, highlighting Lumiun DNS, which proves to be a practical and effective solution for those seeking protection, ease of use, and integration with pfSense software.
If you prefer, you can watch a video about configuring the pfSense software to use Lumiun DNS. Additionally, you'll see the blocking process in practice and view the access in the report.
Squid Discontinued
Squid , traditional proxy and content filtering tools, were officially discontinued by Netgate in 2023, and their removal from the pfSense software package repository was announced as definitive. According to Netgate itself, this decision is due to a combination of critical security risks, maintenance difficulties, and incompatibilities with the system's evolution.
The announcement, made on Netgate's official blog, makes it clear that the company no longer offers support for Squid and SquidGuard in current and future versions of the pfSense software. Therefore, these packages will no longer receive updates or security patches.
The recommendation to immediately remove Squid from your facilities aims to avoid exposure to serious vulnerabilities and instabilities that could compromise network security.
What are the risks of continuing to use pfSense software?
With the end of support, Squid no longer receives security updates. This means that known flaws remain active in the system, making the network vulnerable to external attacks, exploitation of vulnerabilities, and data compromise. Several flaws were reported while Squid had active support. Researcher Joshua Rogers found and reported Squid's security flaws in 2021 and released the technical details of his findings in 2023, after two years without resolution. Rogers identified 55 vulnerabilities using manual code review, static analysis, and fuzzing, an automated software testing technique that aims to find bugs and security vulnerabilities by providing invalid or unexpected inputs to a program.
“The Squid team has been helpful throughout the process of reporting these issues. However, they are understaffed and simply don’t have the resources to fix the problems that have been discovered,” Rogers said in 2023.
Many of the vulnerabilities can lead to a crash, but some can also be exploited for arbitrary code execution ( ACE ).
Furthermore, we can add to the list of reasons against using Squid its outdated and unstable code, lack of compatibility with newer firewall versions, and loss of effectiveness as a proxy.
Alternatives for maintaining access control with pfSense software
Considering all the content already mentioned here, it is necessary to rethink how to apply access policies, content filtering , and browsing protection. Fortunately, the market offers modern, efficient solutions compatible with pfSense software.
PFBlockerNG
A well-known alternative among pfSense software users is PFBlockerNG , which operates at the DNS level and offers:
- Blocking domains by category (ads, malware, social networks, etc.).
- Country-based filtering (GeoIP) for international traffic control.
- Advanced blocklist customization
PFBlockerNG is powerful, but it ends up being complex for less experienced users and requires a higher level of learning, in addition to the manual configuration and maintenance of lists.
Lumiun DNS
Lumiun Lumiun DNS emerges as an accessible, managed solution that is easy to integrate with pfSense software. It allows for cloud-based configuration control, focusing on security and productivity, offering:
- web dashboard for creating rules and reports.
- Blocking by categories, TLDs, lists updated via API, and application filters.
- Release time.
- Real-time monitoring of network access, with internal IP and MAC address identification.
- Simple integration with any edge router and firewall, including pfSense software.
By using Lumiun DNS, you gain effective control over internet access, without the complexity of maintaining proxies or manually configuring multiple lists. Furthermore, Lumiun DNS offers personalized support, with experts available to assist with configuration, questions, and other user needs.
Using Lumiun DNS
Register with Lumiun DNS
Go to https://dns.lumiun.com/register to create your free account. By creating an account, you will start a free 14-day trial of the Pro Plan. After 14 days, you can choose between the Free, Pro, or Education plans.
Fill in your first name, last name, email, phone number, and password to create your free account. If you prefer, you can create it directly with your Google account.
Confirm registration via email.
After registering, confirm your account by clicking the “Verify email” in the email that was sent to you. If the email is not in your inbox, check your Spam folder and mark it as “Not Spam” to receive future emails.
Complete the initial steps.
After confirmation, you will be directed to the policies page, but first, you must enter your organization's information.
After this setup, you will go through a brief "Tour" about Lumiun DNS.
Don't let your guard down, protect your network.
The discontinuation of Squid in pfSense software necessitates an update to access control practices in networks using pfSense software. Maintaining Squid in production is not only risky, but also limits productivity due to the vulnerabilities and limitations of this obsolete feature.
Instead of insisting on outdated and insecure solutions, follow the safer and more efficient path. Adopt modern tools that are easy to manage and compatible with current security standards. In this scenario, Lumiun DNS stands out as one of the best alternatives, offering a combination of ease of use, control, and visibility, with full compatibility with pfSense software.
