I also updated nut package, but have problem with upssched right now… :(

upsmon[3752]: UPS monk@127.0.0.1 on battery
upssched[30216]: Timer daemon started
upssched[30216]: Unknown command on socket:
upssched[30216]: arg 0: 15START
upssched[30216]: arg 1: onbatt
upssched[30216]: arg 2: 15
upssched[30215]: read confirmation got [ERR
[/quote]

looks like not only my problem
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1051099.html

is there any chance to downgrade package?

@periko:

I had read a lot of docs but, is working, but is not counting the time right.

Someone here has this setting working?

Thanks!!!

You could try running freeradius in debug mode from console with "radiusd -X" and then pay attention on the accounting packets.
The CP must send the time attribute to the RADIUS server and it must be sent for the correct user.

CP is sending accounting packets every minute so the time must only increase by 60 seconds.

Perhaps you can try with pfsense 2.1 an compare if CP is working better with the newer code.

I have installed a fresh PFSENSE 2.01, i386 today. Installed SQUIDGUARD with no problems what so ever!
Thank you very much!

Thank you very much! That was the problem indeed :)

Thanks!

If squid is running in transparent mode and the website is httpS then you cannot block it.
If it is httpS you have to run squid in non-transparent mode.

SquidGuard can only block what squid is seeing.

To make sure your config works in general just block a simple webpage with http and test.

You can see what IP's have talked to what IP's, but if you want more detail than that your best option is to setup squid as a transparent proxy, and then use LightSquid and/or SARG which will geerate some pretty detailed reports of what computers/IP's have accessed what web sites, and will give exact URL's and whatnot.

:o I Had Planned On Doing This, I Can't Give You The Software As Its Paid (A Bit Of Google Searching You Can Find It) But I Will Do A Write-up On The Process Give Me A Few Days As It Is A Pain In The Butt Most Guides Are Pretty Outdated.

Thanks for the info igor I had figured by upgrading (which deinstalls) this would do the same.

Tried uninstalling, rebooting, and then installing again and so far my interface has remained up! :)

I will keep in an eye on it over the next while but looks like that did solve it.

Cheers!

@randy7:

Hello fellow command to delete the cache of squid full.thanks.

the same way you do on any linux/unix squid server.

stop the service, rm -rf on squid cache dir (default on pfsense to /var/squid/cache)

start squid.

You can add all the options you need by hand using the "custom options" box.
So if you need just a part of an option the GUI offers then enable it on the GUI, check the "squid.conf" file for the syntax you need and then go to GUI again, disable it there and add the part you need by hand in the "custom options" box. The GUI ist just a helper :-)

Yes, thats what I am wondering about, what rules would need to be entered.

This is the safequid rule, maybe it could be adapted somehow?

<profile><enabled>true</enabled>

<profile_tracing>true</profile_tracing>

<host>youtube.com</host>

<portrange></portrange>
           <urlcommand></urlcommand>

<requestheader></requestheader>
           <responseheader></responseheader>
           <month active="false"></month>
            <day active="false">1,31</day>
           <weekday active="false"></weekday>
            <hour active="false">0,23</hour>
            <minute active="false">0,59</minute>
            <matchmode>absolutetime</matchmode>
            <addprofiles>UNSAFE_YOUTUBE</addprofiles></profile>
        <profile><enabled>true</enabled>

<profile_tracing>true</profile_tracing>
            <profiles>UNSAFE_YOUTUBE</profiles>

<portrange></portrange>
           <urlcommand></urlcommand>

<requestheader>Cookie:.*PREF=.*f2=8000000</requestheader>
           <responseheader></responseheader>
           <month active="false"></month>
            <day active="false">1,31</day>
           <weekday active="false"></weekday>
            <hour active="false">0,23</hour>
            <minute active="false">0,59</minute>
            <matchmode>absolutetime</matchmode>
            <addprofiles>SAFE_YOUTUBE</addprofiles>
            <removeprofiles>UNSAFE_YOUTUBE</removeprofiles></profile>

<rewrite><enabled>true</enabled>
        <rewrite><enabled>true</enabled>

<profiles>UNSAFE_YOUTUBE</profiles>

<pattern>Cookie: ([^\r\n]*)</pattern>
            <replace>Cookie:$1; PREF=f2=8000000;\r\n</replace>
            <which>client</which></rewrite></rewrite>

great, that saved my life :) Had the same problem a while and didnt find a solution.

Just tried this in my virtual machine. Its true, if you delete wansuppress oder parts of it, you cannot add further sids to this suppress list…
Try to reinstall the snort package.. hope that helps

Been discussed before but still havent seen a resolution.

http://forum.pfsense.org/index.php/topic,51810.msg277499.html#msg277499

The WhiteList don't works for me too. Neither with networks or single IP adress.
I'm using PFSense 2.0.1 with Snort 2.9.2.3 pkg v.2.5.1.

After some days searching for solution I found a workaround that worked for me.
Add in Suppress List the networks in CIDR notation like that (example with 3 networks in supress list working as WhiteList):

suppress gen_id 0, sig_id 0, track by_src, ip [xxx.xxx.xxx.xxx/29,yyy.yyy.yyy.yyy/28,zzz.zzz.zzz.zzz/28]

Thanks, and sorry about originally posting in the wrong area.

Can you explain a little more or point me in the direction of where to look?  Is there any possibility of modifying the action to redirect the user to a remediation page or drop only the P2P traffic?  If we wanted to pay for support hours to cover the cost of developing this feature, how many hours would you estimate?

my wpad file looks like that as i don't want proxy for local and vpn servers

maybe this can help you

function FindProxyForURL(url, host) { // If IP address is internal or hostname resolves to internal IP, send direct.        var resolved_ip = dnsResolve(host);        if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||                isInNet(resolved_ip, "172.16.0.0",  "255.240.0.0") ||                isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||                isInNet(resolved_ip, "127.0.0.0", "255.0.0.0"))                return "DIRECT";        return "PROXY proxy.domain.lan:3128; DIRECT"; }

maybe you could also check the webserver logs to see if your hosts grab the wpad file