Maybe a "proxy.pac" file or "wpad.dat" would be an option. (create one in the usr/local/www folder and make a symb-link for the other)
There are topics on how to serve this pac-file via extra http-service on port 80 in combination with DHCP and have the pfsense GUI run on https.

How successful it will be that depends on how you roll out DCHP (additional option 252, text, location of proxy.pac) and if users are allowed to change their internet settings regarding proxy settings.
You filter https or facebook requests to be redirected to a "denied page".

Example "proxy.pac"

function FindProxyForURL(url, host) {   url = url.toLowerCase();   host = host.toLowerCase();   isHttp = (url.substring(0,5) == "http:");   isHttps = (url.substring(0,6) == "https:") // If the requested website is hosted within the internal network, send direct.     if (isPlainHostName(host) ||           shExpMatch(host, "*.home") ||           shExpMatch(host, "*.local") ||           isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||           isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||           isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||           isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) { return "DIRECT"; } // Forward non-http(s) and some hosts to forward proxy (or DIRECT (or access denied page?)) if((!isHttp && !isHttps) // Skip all non http(s)   || dnsDomainIs(host, "microsoft.com")   || dnsDomainIs(host, "windowsupdate.com")   || dnsDomainIs(host, "eset.com")   || dnsDomainIs(host, "mcafee.com") // McAfee   || dnsDomainIs(host, "siteadvisor.com") // McAfee   || dnsDomainIs(host, "hackerwatch.com") // McAfee   || dnsDomainIs(host, "hackerwatch.org") // McAfee   || dnsDomainIs(host, "avg.com")   || dnsDomainIs(host, "grisoft.cz")   || dnsDomainIs(host, "avgfree.com")   || dnsDomainIs(host, "avg.cz")   || dnsDomainIs(host, "symantecliveupdate.com")   || dnsDomainIs(host, "thawte.com")) { return "DIRECT"; } if (isHttps)   // Skip HTTPS (or return access denied page?) { return "DIRECT"; } // Otherwise, go through our proxy or if it fails, through bypass return "PROXY 192.168.0.1:3128; DIRECT"; }

Or you could try a squidguard filter with a redirect page, maybe add a "proxy-list" and "VPN-service-list" to the block list there so users won't be able to use or search for anonimous-proxy or VPN's to circumvent the restrictions.

I think I've found a semi-reliable way to reproduce the leak. But as this is an alix2d3 with 256mb box running extra stuff pushes it's memory limits tight.

If the interface goes away, the following code to never hit the cleanup path (can't find the source on the git repos, so from that post linked in the first post.):

  for(ifp = TAILQ_FIRST(&ifh); ifp; ifp = TAILQ_NEXT(&ifc, if_list))   {       n = kvm_read(kd, (u_long)ifp, &ifc, sizeof(ifc));       if(n<0)       {         fprintf(stderr, "Error: kvm_read(element): %s\n", kvm_geterr(kd));         kvm_close(kd);         return -1;       }       if(strcmp(ifname, ifc.if_xname) == 0)       {         data->opackets = ifc.if_data.ifi_opackets;         data->ipackets = ifc.if_data.ifi_ipackets;         data->obytes = ifc.if_data.ifi_obytes;         data->ibytes = ifc.if_data.ifi_ibytes;         data->baudrate = ifc.if_data.ifi_baudrate;         kvm_close(kd);         return 0;       }   } }

Note; there is no kvm_close(kd) if the interface isn't matched.

I guess the package isn't being restarted in some conditions when the interface derps.

pfSense recreates everything at boot time from data in its own config.xml - which is where all the GUI settings are saved. If you change any package conf file from the command line, the change will be lost when you reboot, or some other event happens that makes pfSense restart all the packages. You have to find a way to do your settings using the GUI provided with the package.

Nope that is an entirely different problem

A mistake on my part apologies on that - but fixed.

Hi,
I still haven't found a solution to the problem.
I can't Uninstall squid using console but I can Uninstall it using web gui. I need to Uninstall it using console.
Someone Can help me to find a solution.
Thanks

@petzi:

@bryan.paradis:

So you have received just one email from cron complaining that vnstat couldn`t create backups? Is it possible that the dyndns set the filesystem back to Read only after the vnstat script set it to read write and so it failed? This script gets run every minute by cron so I guess this may be possible that the timing just aligned perfectly.

I've no idea. Probably mounting rw/ro isn't logged.

If it happened only once? It must have been the fluke lining up of filesystem getting switched back after the rw call was made by the script.

@JWTrance:

Thanks for the new Suri package, been looking forward to this for a bit. :)

Feel free to disregard, but I was wondering how hard it would be to implement an options tab similar to the oldschool Snort IDSControl Center (see example)

I like the idea of being able to quick select options for a custom starting command line and then being able to save that Suri/Snort profile for later use.

Be on the lookout for a substantial update to the Suricata package to be posted sometime over the next few days. I will be submitting the Pull Request shortly.  This will be version v0.2-BETA of the package.  There are lots of bug fixes and some other enhancements (such as an included Dashboard Widget, better rule update management and logging, and a Bro output option for Barnyard2).

As for some control over command-line options, that is certainly possible.  Right now a fair number of parameters are configurable in the GUI and then provided to the Suricata binary via the suricata.yaml conf file.  Are there some Suricata-specific command-line options you need that are not available in the GUI?  If so, post a list and I will see what I can do.

Bill

Bump? Really want to have this working, It worked before hand on my netbook setup, but not now ? :(

yeah and the other vpns.

dont work!

I think I have the wrong or your system dosent work

I've addes my screenshoots.

snort_log1.jpg
snort_log1.jpg_thumb
snort_log2.jpg
snort_log2.jpg_thumb

It works now in standard and parent mode. my problem was slow download process at update time.

https://forum.pfsense.org/index.php?action=post;quote=398495;topic=43687.270

@serialdie:

Under –- System ----- User Manager

Add the user clamav.

Worked for me.

woo hoo! thanks!

Did you have it set to GW on your LAN? Or Like was your interface setup?

After further review of older threads I noticed that tftpd was listening on 127.0.0.1  I added an internal UDP portforward to 69 and everything works now.