Unofficial E2guardian package for pfSense

Mr. Jingles

@Mr.:

Sorry to ask, Marcello, but how do install from unofficial repo? pkg install and then…?

Just enabled the Unofficial repo following instructions from the first post and then go to GUI under system -> package manager

Thank you Marcelloc, that worked :-*

A final question: how do I reverse this?

fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf

Simply remove```
/usr/local/etc/pkg/repos/Unofficial.conf

marcelloc

@Mr.:

Simply remove```
/usr/local/etc/pkg/repos/Unofficial.conf

Yes

pfsensation

@marcelloc:

Resources exhausted? Memory or cpu?

I have no idea, got 2GB RAM, usage is sitting around 29% normally, sometimes slightly more. And I am using a Core 2 duo E8500, the load averages are low 0.08, goes to 0.29 or thereabouts max.
Should I try limiting HTTP workers? Currently I have this at 1000.

EDIT:

Made it 500, lets see if it works better. This is weird because on the older version I had 1000 with no problems.

jetberrocal

https://groups.google.com/forum/#!topic/e2guardian/-HMI87DsGqI

This is first stable release of E2Guardian V4.

Only required bug and security fixes will be applied in the v4.1.x point releases.

V4 is written in C++11 and uses threads, in order to make e2guardian scaleable to very large systems.

This version (v4.0 dev & v4.1 stable) is largely backward compatible with v3 configuration files.

Testing is showing an increase in speed and a big reduction in memory usage, as well as almost instant list reload with no interruption to service.

A big thanks to everyone who has contributed to getting this new release production-ready in such a short time.

Please see notes/NEWIN_v4 for details, and before trying to configure or compile.

I guess you need less workers than version 3.x

marcelloc

I've pushed version 0.3 of the gui package to the Unofficial repo.

what's new:

ready to use internal parent proxy
watchdog script

If you are not going to use user authentication, there is no need to install squid package. But if you need, you can install squid package and configure e2g as a parent(sandwich mode).

Note: SSL settings from general tab was moved to daemon tab. Check your config after package update.

e2g_03.PNG_thumb

pfsensation

@marcelloc:

I've pushed version 0.3 of the gui package to the Unofficial repo.

what's new:

ready to use internal parent proxy

watchdog script

If you are not going to use user authentication, there is no need to install squid package. But if you need, you can install squid package and configure e2g as a parent(sandwich mode).

Note: SSL settings from general tab was moved to daemon tab. Check your config after package update.

Awesome just updated! Regarding the block page did you suggest it? Or want me to suggest it?

marcelloc

@pfsensation:

Awesome just updated! Regarding the block page did you suggest it? Or want me to suggest it?

Not yet.

@pfsensation:

Or want me to suggest it?

If you know how to pull requests on git, sure?

I was "merging" reports to include the mini help that comes with default template.

This error page looks professional and modern. :)

PS: -HOST- is still crashing the daemon, at least on BSD. So its better to do not include it on default template.

jetberrocal

@marcelloc:

PS: -HOST- is still crashing the daemon, at least on BSD. So its better to do not include it on default template.

Sorry to ask, I am not familiar with the template parameters.

Is this the blocked site or what?

marcelloc

@jetberrocal:

Is this the blocked site or what?

I guess it's the client hostname.

Cino

With last verison, I'm getting a crash report since /usr/local/etc/e2guardian/lists/bannedsitewithbypasslist doesn't exist.


				Crash report begins.  Anonymous machine information:

amd64
10.3-RELEASE-p19
FreeBSD 10.3-RELEASE-p19 #152 4b68fbd17(RELENG_2_3): Mon Jun 12 14:34:51 CDT 2017     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[14-Jun-2017 20:30:54 EST5EDT] PHP Warning:  file_get_contents(/usr/local/etc/e2guardian/lists/bannedsitewithbypasslist.Default): failed to open stream: No such file or directory in /usr/local/pkg/e2guardian.inc on line 920
[14-Jun-2017 20:30:54 EST5EDT] PHP Stack trace:
[14-Jun-2017 20:30:54 EST5EDT] PHP   1\. {main}() /etc/rc.start_packages:0
[14-Jun-2017 20:30:54 EST5EDT] PHP   2\. sync_package() /etc/rc.start_packages:90
[14-Jun-2017 20:30:54 EST5EDT] PHP   3\. eval() /etc/inc/pkg-utils.inc:698
[14-Jun-2017 20:30:54 EST5EDT] PHP   4\. sync_package_e2guardian() /etc/inc/pkg-utils.inc(698) : eval()'d code:1
[14-Jun-2017 20:30:54 EST5EDT] PHP   5\. file_get_contents() /usr/local/pkg/e2guardian.inc:920
[14-Jun-2017 20:30:54 EST5EDT] PHP Warning:  file_get_contents(/usr/local/etc/e2guardian/lists/bannedsitewithbypasslist.KidsNet): failed to open stream: No such file or directory in /usr/local/pkg/e2guardian.inc on line 920
[14-Jun-2017 20:30:54 EST5EDT] PHP Stack trace:
[14-Jun-2017 20:30:54 EST5EDT] PHP   1\. {main}() /etc/rc.start_packages:0
[14-Jun-2017 20:30:54 EST5EDT] PHP   2\. sync_package() /etc/rc.start_packages:90
[14-Jun-2017 20:30:54 EST5EDT] PHP   3\. eval() /etc/inc/pkg-utils.inc:698
[14-Jun-2017 20:30:54 EST5EDT] PHP   4\. sync_package_e2guardian() /etc/inc/pkg-utils.inc(698) : eval()'d code:1
[14-Jun-2017 20:30:54 EST5EDT] PHP   5\. file_get_contents() /usr/local/pkg/e2guardian.inc:920

No FreeBSD crash data found.

the code starting on line 517 doesn't look to right. Looks like the section was copied from above but not all the parameters were change to make it unique. Should it be bannedsitelistwithbypass or bannedsitewithbypasslist?

marcelloc

Should be bannedsitewithbypasslist on package. The default name from the added feature in e2g differs from other files. I'll check when I get home.

marcelloc

@Cino:

With last verison, I'm getting a crash report since /usr/local/etc/e2guardian/lists/bannedsitewithbypasslist doesn't exist.

I did a clean install but I"m not getting crashes. The sample file is empty but it's there.

Did you saved config again and then applied just to be sure package is not trying to run with default conf files?

I'm editing e2guardian.inc to fix the empty sample file and will push soon to the repo.

Cino

thank you marcelloc! I did an update, and no more crash reports for the missing files.

marcelloc

I've pushed version 0.4 of the gui package to the Unofficial repo.

what's new:

time based acls using pfSense schedules

Note: acls now have a schedule field. check if they are not going to assume the first system schedule you have on your pfSense.

The update process when schedule expires send a soft HUP to the process, so active sessions will keep current ACLs. a CTRL+F5 may force a new session on browser.

You can create specific acls and apply them under groups.
For example, create a site acl with only banned checkbox selected and social network blacklist applied to working hours. then select both default and this new site acl under groups.
This way, you will have default acl all the day + social media blocked during work hours.

e2g_04.PNG_thumb

pfsensation

@marcelloc:

I've pushed version 0.4 of the gui package to the Unofficial repo.

what's new:

time based acls using pfSense schedules

Note: acls now have a schedule field. check if they are not going to assume the first system schedule you have on your pfSense.

The update process when schedule expires send a soft HUP to the process, so active sessions will keep current ACLs. a CTRL+F5 may force a new session on browser.

You can create specific acls and apply them under groups.
For example, create a site acl with only banned checkbox selected and social network blacklist applied to working hours. then select both default and this new site acl under groups.
This way, you will have default acl all the day + social media blocked during work hours.

Sweet updated!!

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

Also, regarding the block page. I will submit it soon via pull.

marcelloc

@pfsensation:

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

A clean install create all default acls with 'always active'. But the code accepts blank field as always active to do not break things.

pfsensation

@marcelloc:

@pfsensation:

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

A clean install create all default acls with 'always active'. But the code accepts blank field as always active to do not break things.

I tried a clean install for a friend and it automatically set the ACL's to one of the schedules he had on his pfSense box.

Just a heads up, I have already sent a pull request to E2Guardian with the new block page. Hopefully it'll be implemented! :)

pfsensation

It's official! My block page code was merged into E2 Guardian official sources! Now everyone should be able to enjoy the new modernised block page by default. 8) 8) 8)

marcelloc

Great !!!!

marcelloc

I've pushed to e2guardian repo a php version of the new template and updated the perl version of the report.

With new php report, fully report works on pfSense together with wpad package.

https://github.com/e2guardian/e2guardian/pull/236

To use report fully option before it get on e2guardian and on e2guardian pfSense package, you can download the file directly from git.

e2gerror.php
https://raw.githubusercontent.com/marcelloc/e2guardian/25d06e7416c5f77c859a96988b102e76a4f09bae/data/e2gerror.php

Do not forget to add the webhost with e2gerror.php on exception site list.