Unofficial E2guardian package for pfSense

marcelloc · Jun 13, 2017, 7:04 PM

Simply remove```
/usr/local/etc/pkg/repos/Unofficial.conf

Yes

pfsensation · Jun 13, 2017, 9:52 PM

Resources exhausted? Memory or cpu?

I have no idea, got 2GB RAM, usage is sitting around 29% normally, sometimes slightly more. And I am using a Core 2 duo E8500, the load averages are low 0.08, goes to 0.29 or thereabouts max.
Should I try limiting HTTP workers? Currently I have this at 1000.

EDIT:

Made it 500, lets see if it works better. This is weird because on the older version I had 1000 with no problems.

jetberrocal · Jun 14, 2017, 12:24 AM

https://groups.google.com/forum/#!topic/e2guardian/-HMI87DsGqI

This is first stable release of E2Guardian V4.

Only required bug and security fixes will be applied in the v4.1.x point releases.

V4 is written in C++11 and uses threads, in order to make e2guardian scaleable to very large systems.

This version (v4.0 dev & v4.1 stable) is largely backward compatible with v3 configuration files.

Testing is showing an increase in speed and a big reduction in memory usage, as well as almost instant list reload with no interruption to service.

A big thanks to everyone who has contributed to getting this new release production-ready in such a short time.

Please see notes/NEWIN_v4 for details, and before trying to configure or compile.

I guess you need less workers than version 3.x

marcelloc · Jun 14, 2017, 8:40 PM

I've pushed version 0.3 of the gui package to the Unofficial repo.

what's new:

ready to use internal parent proxy
watchdog script

If you are not going to use user authentication, there is no need to install squid package. But if you need, you can install squid package and configure e2g as a parent(sandwich mode).

Note: SSL settings from general tab was moved to daemon tab. Check your config after package update.

pfsensation · Jun 15, 2017, 3:42 PM

@marcelloc:

I've pushed version 0.3 of the gui package to the Unofficial repo.

what's new:

ready to use internal parent proxy

watchdog script

If you are not going to use user authentication, there is no need to install squid package. But if you need, you can install squid package and configure e2g as a parent(sandwich mode).

Note: SSL settings from general tab was moved to daemon tab. Check your config after package update.

Awesome just updated! Regarding the block page did you suggest it? Or want me to suggest it?

marcelloc · Jun 15, 2017, 4:03 PM

@pfsensation:

Awesome just updated! Regarding the block page did you suggest it? Or want me to suggest it?

Not yet.

@pfsensation:

Or want me to suggest it?

If you know how to pull requests on git, sure?

I was "merging" reports to include the mini help that comes with default template.

This error page looks professional and modern. :)

PS: -HOST- is still crashing the daemon, at least on BSD. So its better to do not include it on default template.

jetberrocal · Jun 15, 2017, 4:14 PM

@marcelloc:

PS: -HOST- is still crashing the daemon, at least on BSD. So its better to do not include it on default template.

Sorry to ask, I am not familiar with the template parameters.

Is this the blocked site or what?

marcelloc · Jun 15, 2017, 4:43 PM

@jetberrocal:

Is this the blocked site or what?

I guess it's the client hostname.

Cino · Jun 15, 2017, 7:22 PM

With last verison, I'm getting a crash report since /usr/local/etc/e2guardian/lists/bannedsitewithbypasslist doesn't exist.


				Crash report begins.  Anonymous machine information:

amd64
10.3-RELEASE-p19
FreeBSD 10.3-RELEASE-p19 #152 4b68fbd17(RELENG_2_3): Mon Jun 12 14:34:51 CDT 2017     root@ce23-amd64-builder:/builder/pfsense/tmp/obj/builder/pfsense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[14-Jun-2017 20:30:54 EST5EDT] PHP Warning:  file_get_contents(/usr/local/etc/e2guardian/lists/bannedsitewithbypasslist.Default): failed to open stream: No such file or directory in /usr/local/pkg/e2guardian.inc on line 920
[14-Jun-2017 20:30:54 EST5EDT] PHP Stack trace:
[14-Jun-2017 20:30:54 EST5EDT] PHP   1\. {main}() /etc/rc.start_packages:0
[14-Jun-2017 20:30:54 EST5EDT] PHP   2\. sync_package() /etc/rc.start_packages:90
[14-Jun-2017 20:30:54 EST5EDT] PHP   3\. eval() /etc/inc/pkg-utils.inc:698
[14-Jun-2017 20:30:54 EST5EDT] PHP   4\. sync_package_e2guardian() /etc/inc/pkg-utils.inc(698) : eval()'d code:1
[14-Jun-2017 20:30:54 EST5EDT] PHP   5\. file_get_contents() /usr/local/pkg/e2guardian.inc:920
[14-Jun-2017 20:30:54 EST5EDT] PHP Warning:  file_get_contents(/usr/local/etc/e2guardian/lists/bannedsitewithbypasslist.KidsNet): failed to open stream: No such file or directory in /usr/local/pkg/e2guardian.inc on line 920
[14-Jun-2017 20:30:54 EST5EDT] PHP Stack trace:
[14-Jun-2017 20:30:54 EST5EDT] PHP   1\. {main}() /etc/rc.start_packages:0
[14-Jun-2017 20:30:54 EST5EDT] PHP   2\. sync_package() /etc/rc.start_packages:90
[14-Jun-2017 20:30:54 EST5EDT] PHP   3\. eval() /etc/inc/pkg-utils.inc:698
[14-Jun-2017 20:30:54 EST5EDT] PHP   4\. sync_package_e2guardian() /etc/inc/pkg-utils.inc(698) : eval()'d code:1
[14-Jun-2017 20:30:54 EST5EDT] PHP   5\. file_get_contents() /usr/local/pkg/e2guardian.inc:920

No FreeBSD crash data found.

the code starting on line 517 doesn't look to right. Looks like the section was copied from above but not all the parameters were change to make it unique. Should it be bannedsitelistwithbypass or bannedsitewithbypasslist?

marcelloc · Jun 15, 2017, 9:24 PM

Should be bannedsitewithbypasslist on package. The default name from the added feature in e2g differs from other files. I'll check when I get home.

marcelloc · Jun 16, 2017, 12:18 AM

@Cino:

With last verison, I'm getting a crash report since /usr/local/etc/e2guardian/lists/bannedsitewithbypasslist doesn't exist.

I did a clean install but I"m not getting crashes. The sample file is empty but it's there.

Did you saved config again and then applied just to be sure package is not trying to run with default conf files?

I'm editing e2guardian.inc to fix the empty sample file and will push soon to the repo.

Cino · Jun 16, 2017, 5:01 PM

thank you marcelloc! I did an update, and no more crash reports for the missing files.

marcelloc · Jun 16, 2017, 7:09 PM

I've pushed version 0.4 of the gui package to the Unofficial repo.

what's new:

time based acls using pfSense schedules

Note: acls now have a schedule field. check if they are not going to assume the first system schedule you have on your pfSense.

The update process when schedule expires send a soft HUP to the process, so active sessions will keep current ACLs. a CTRL+F5 may force a new session on browser.

You can create specific acls and apply them under groups.
For example, create a site acl with only banned checkbox selected and social network blacklist applied to working hours. then select both default and this new site acl under groups.
This way, you will have default acl all the day + social media blocked during work hours.

pfsensation · Jun 17, 2017, 2:47 PM

@marcelloc:

I've pushed version 0.4 of the gui package to the Unofficial repo.

what's new:

time based acls using pfSense schedules

Note: acls now have a schedule field. check if they are not going to assume the first system schedule you have on your pfSense.

The update process when schedule expires send a soft HUP to the process, so active sessions will keep current ACLs. a CTRL+F5 may force a new session on browser.

You can create specific acls and apply them under groups.
For example, create a site acl with only banned checkbox selected and social network blacklist applied to working hours. then select both default and this new site acl under groups.
This way, you will have default acl all the day + social media blocked during work hours.

Sweet updated!!

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

Also, regarding the block page. I will submit it soon via pull.

marcelloc · Jun 17, 2017, 4:22 PM

@pfsensation:

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

A clean install create all default acls with 'always active'. But the code accepts blank field as always active to do not break things.

pfsensation · Jun 17, 2017, 5:05 PM

@marcelloc:

@pfsensation:

Could you make some slight modifications so that by default it's set to "always" rather than any other schedule you have within pfsense.

A clean install create all default acls with 'always active'. But the code accepts blank field as always active to do not break things.

I tried a clean install for a friend and it automatically set the ACL's to one of the schedules he had on his pfSense box.

Just a heads up, I have already sent a pull request to E2Guardian with the new block page. Hopefully it'll be implemented! :)

pfsensation · Jun 18, 2017, 7:15 PM

It's official! My block page code was merged into E2 Guardian official sources! Now everyone should be able to enjoy the new modernised block page by default. 8) 8) 8)

marcelloc · Jun 18, 2017, 7:37 PM

Great !!!!

marcelloc · Jun 19, 2017, 1:30 AM

I've pushed to e2guardian repo a php version of the new template and updated the perl version of the report.

With new php report, fully report works on pfSense together with wpad package.

https://github.com/e2guardian/e2guardian/pull/236

To use report fully option before it get on e2guardian and on e2guardian pfSense package, you can download the file directly from git.

e2gerror.php
https://raw.githubusercontent.com/marcelloc/e2guardian/25d06e7416c5f77c859a96988b102e76a4f09bae/data/e2gerror.php

Do not forget to add the webhost with e2gerror.php on exception site list.

pfsensation · Jun 19, 2017, 4:35 AM

@marcelloc:

I've pushed to e2guardian repo a php version of the new template and updated the perl version of the report.

With new php report, fully report works on pfSense together with wpad package.

https://github.com/e2guardian/e2guardian/pull/236

To use report fully option before it get on e2guardian and on e2guardian pfSense package, you can download the file directly from git.

e2gerror.php
https://raw.githubusercontent.com/marcelloc/e2guardian/25d06e7416c5f77c859a96988b102e76a4f09bae/data/e2gerror.php

Do not forget to add the webhost with e2gerror.php on exception site list.

Won't the php version increase the load on the server? Or is it about the same as html as the place holders are still being changed?

Also report fully allows you to see the banned words right?

Furthermore, why was WPAD package conflicting with this? They're on different ports?

Sorry about the questions, still learning a lot. :p

So far I'm really enjoying E2 Guardian and am loving the team work and where it's going. However I feel the one thing that's missing is a way to quickly see what websites are being blocked.
For example in the pfsense GUI you created, it would be really nice to have a page where you can see what content is blocked, why it's blocked. What user is trying to access what content, and being able to apply filters such as "user with most blocked sites" or be able to type in the name of a category such as gambling. And being able to see who was trying to access gambling sites, from what internal IP, host name and what time they did to access it, and of course the URL.

Let me know if this can be done, I know some log files can be created. But this is a much simpler overall better way, and I'm sure other commercial products have this. I am also trying to help a friend move to E2 Guardian for their school network, in that scenario some sort of reporting with a page to quickly filter and find data is necessary. I really don't want to start suggesting bad methods of doing this such as using GREP.

But anyways, keep up the amazing work Marcello!