I just look at your youtube video and I must say that I appreciate the time you took to explain things. I am wondering if I can use pfblockerNG in my scenario as I seek to explain what I am trying to achieve. I have two pfsense box at my work in High Availability and CARP WAN/LAN IPs. I am using squid proxy and squidguard for blocking and allowing sites. The challenge is when my secondary firewall takes over the squid/squidguard doesn’t work. My users are left with out internet unless they manually disable the proxy server. I read somewhere in the config that the squidguard doesn’t work on the secondary in HA, and when I tried to enable it, it crashed both boxes in production. So I was wondering if I could have gotten rid of the squid proxy/squidguard and use pfblockerng to allow and deny access to sites. I have two sg-1000 devices in my lab environment configured as HA so I can test first before moving forward with or without a solution. Your feedback would be of greatest help.