Yes but wompy did a far more understandable version for me to keep it simple stupid. Once I understand the mechanics Im good to go.

@hadi57:

add a rule to your firewall allowing port 3000.

This will enable access to ntop, but only HTTP, I want to use HTTPS…

Snort uses lots of memory on linux too.

@wompy:

Actually that link does have everything you need. Destinations is where your blacklist/whitelist additions will be. Once you save them then they will be added to the database. under default and ACL you will see the uptime destinations check boxes. Thats where you will specify to allow, or deny access. save and then apply on the general settings tab.

+1
If you select Dest-rule and not checking deny - this is mean whitelist, and such rules will placed before block(deny) rules (exclude 'all' rule - this rule always last) .

hi, and thanks for the reply

i already tried this, but didn't work, i don't know what's wrong.

thanks again

The problem was the package, i built lcdproc and ran it manually, it works fine.

Rather than downgrading, you can look the other way to see if that will help. pfSense 1.2.1 should be here by the end of the month, and will be based on FreeBSD 6.3-RELEASE (rather than the 6.2-RELEASE used in 1.2).

Click here for the development snapshots. The ISO works fine on my Dell Poweredge R200, which, being ICH9 based, will not work with FreeBSD 6.2-RELEASE. However, it's not advised to use this in production.

@Valhalla1:

trying to figure out if this was a serious 'feature' you are touting, or if I'm being leveled and this is not what you wanted/expected when installing those packages… 
anyway u said u were trying to reduce the # of packages required, u can drop phpsysinfo as thats got nothing to do with nothing as far as intant message programs

I think you are right, and you understood ….

We will wh. the next release, might V1.2.1 will solve this issue....???

Rergards

This how I did it.

install package squid and squidguard and go to console menu and press 8 to exit console menu.

chown of /var/squid and /var/squidGuard to proxy:proxy    (ex. chown -R proxy:proxy /var/squid)

create /download  directory

cd /download

pkg_add -r http://62.4.17.14/pub/FreeBSD/ports/i386/packages-6.2-release/All/wget-1.10.2.tbz

/usr/local/bin/wget http://www.shallalist.de/Downloads/shallalist.tar.gz    ( at least you can see download progress using this way)

click to Service>Proxy Content>General Setting

in Blacklist URL = /download/shallalist.tar.gz

see squidguard1.JPG

click save button

click Upload URL button

click save button (just to make sure)

although it says "SquidGuard service state: STARTED" just click apply button

GOTO Default tab

Follow my example using squidguard2.JPG and squidguard3.JPG or customize as you like but leave Default access [all]

click save

go to ACL tab and create new ACL (click the + button)

for "Source IP Address" put your network address/Masks bit (not ip address) example squidguard4.JPG

for "Destination" –--> customize as you like but leave Default access [all] and click save when finish. (squidguard5.JPG)

go to General Stting tab and click apply button to restart squid (and squidGuard too)

Note: Make sure in Service>Proxy server>Access Control –-->    the allow subnet is/are the same with (17)  (subnet = network address/Masks bit)

The End

BTW it took me about 3 to 4 months to figure this out by looking here and there in the forum.  :)

squidguard1.JPG
squidguard1.JPG_thumb
squidguard2.JPG
squidguard2.JPG_thumb
squidguard3.JPG
squidguard3.JPG_thumb
squidguard4.JPG
squidguard4.JPG_thumb
squidguard5.JPG
squidguard5.JPG_thumb

Well, looks like it was something at the ISP side of things.  According to a tech rep, the IP assigned to our WAN interface was conflicting with someone else's subnet.

They didn't elaborate.  The traceroute with the third hop stuttering isn't fixed but at least now I can get to the packages.

Search before posting. There is already 3+ threads about this.

Can i know how to block user from downloading file from internet. can I use squidguard for this?

Possible. Create Destination item with expression
.*.(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mpv)

ps not add to this .com - this blocked www.xxxx.com zone

I hate to say it but for contentfiltering in transparent mode you might want to look at http://www.untangle.com/ to do this particular job.

@dvserg:

@igorhmm:

I've upload the blacklist again and changed the permissions.. now is working perfectly !!!

You change permission manually or all changed auto?
(This info need for solve possible bugs)

I did manually:

chmod -R 755 /var/db/squidGuard/usr /local/etc/squidGuard chown -R proxy:proxy /var/db/squidGuard/usr /local/etc/squidGuard

thanks :D

The only entry in /etc/crontab is shown in the original post.  There is no expiretable entry.  I remember that used to be present in my snort installs in the 1.1 days.

So snort is still using cron to expire rules?  I must have been mistaken that the expire mechanism was changed.

@hoba:

Frickin never worked the way we wanted it to work but ermal is working on a new patch for pptp that hopefully will fix pptp once and for all without the need of a package.

This will be the best solution… I hope that this patch will be ready soon.

Thanks you.
Very mach english symbols - big work for my translator. (  ;D )

@submicron:

I hate to be that guy but you realize that the urlblacklist isn't free for download and that they expect you, on your honor, to pay for it, right?  If you are just blindly downloading and using it, especially for a commercial endeavor, you are most certainly violating their terms of service.

Hi Submicron

Good point, and yes, I AM paying for it, payed for 6 months right away :-)
It is used for my home setup, to protect my children, but it's a very relevant point to emphasize that it's a service you should pay for!

I wish I knew what the difference is… I am planning to convert to "PBX in a Flash" soon to see if it will fix issues I am having with poor sound quality on IAX calls but I get occasional one-way audio with SIP and pfSense. the interesting thing is that the one-way audio goes away after about 10 seconds and it works for a little bit and then I get it again. The 10 seconds appears to be related to the externrefresh=10 setting.

BTW... I am using voipstreet for SIP and IAX but I had the same one-way audio problems with Broadvoice a year or so ago.

Mike