Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 71 Posters 1.5m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jetberrocal
      last edited by

      @marcelloc:

      Do not enable MITM for transparent proxy users with a group on e2guardian and keep it intercepting for  WPAD/configured users.

      I am confused.

      I know I cant use mitm in transparent mode but you keep recommending to use squid in transparent mode splice-all to protect e2g from bad form ssl sites because e2g still crashes very often without it.

      And now your still recommending to use this mode to be able to use squid cache features for https sites.

      So I am concluding that e2g content filtering for https is not available as this wont work with squid cache nor squid splice-all protection.

      1 Reply Last reply Reply Quote 0
      • P
        pfsensation
        last edited by

        @jetberrocal:

        @marcelloc:

        Do not enable MITM for transparent proxy users with a group on e2guardian and keep it intercepting for  WPAD/configured users.

        I am confused.

        I know I cant use mitm in transparent mode but you keep recommending to use squid in transparent mode splice-all to protect e2g from bad form ssl sites because e2g still crashes very often without it.

        And now your still recommending to use this mode to be able to use squid cache features for https sites.

        So I am concluding that e2g content filtering for https is not available as this wont work with squid cache nor squid splice-all protection.

        I'm having the same experience Jetberrocal. Thought it was me not understanding.

        However I wanted to add a couple things, won't Squid MITM interfere with E2Guardian? I tried this once and Squid couldn't even give usable forged certificates. It wasn't setting SUBJECT ALTERNATIVE Name and I was unable to browse https sites.

        OH, and YES MITM can be used transparently. However the certificate will still need to be installed, I've seen it on smoothwall. I am able to just install the certificate and browse without messing with proxy settings or wpad.
        My idea was actually to get all devices in the home using mitm, and all guests using non mitm filtering.

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          The squid daemon after e2guardian protects it from crashing. This is one point that I do not recommend disabling (automatic mode) until we identify and open an issue on e2guardian project.

          This will cover almost all configuration together with wpad.

          Any extra configuration can be done together with this initial setup.

          For basic squid authentication methods that e2guardian is able to handle (according to it's documentation) can be configured replacing automatic parent with squid package behind e2guardian (keeping ssl on with splice all mode)

          For transparent proxy setups, e2guardian MITM cannot be used because this feature is not implemented yet(will be on 5.0). If you need transparent mode for http and https, use squid with splice all from squid package. In this setup, you can use e2guardian acls configuring squid to send connections to it after transparent rules get client connection.

          Caching is something IMHO useless with most web content dynamic but squid memory cache is something that I still Configure on both squids (automatic parent or squid package)

          Hope I could make myself clear about proxy features and configuration using e2guardian package.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @pfsensation:

            I am still waiting on that bug with blacklisted sites not showing category to be fixed.  Thanks again for porting this over to pfSense, and keeping everything free, accessible and open source!

            Found how to show it. Each blacklist file needs the listcategory definition inside it. Editing /usr/local/etc/e2guardian/lists/blacklists/porn/domains and including #listcategory: "Porn Banned Sites" shows the category on block page.

            The default shallalist doesn't has it ou their files. I'll workaround it during apply config or blacklist fetch.

            ![site category.PNG](/public/imported_attachments/1/site category.PNG)
            ![site category.PNG_thumb](/public/imported_attachments/1/site category.PNG_thumb)

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • P
              pfsensation
              last edited by

              @marcelloc:

              @pfsensation:

              I am still waiting on that bug with blacklisted sites not showing category to be fixed.  Thanks again for porting this over to pfSense, and keeping everything free, accessible and open source!

              Found how to show it. Each blacklist file needs the listcategory definition inside it. Editing /usr/local/etc/e2guardian/lists/blacklists/porn/domains and including #listcategory: "Porn Banned Sites" shows the category on block page.

              The default shallalist doesn't has it ou their files. I'll workaround it during apply config or blacklist fetch.

              Awesome if you can properly add this. I can improve my block page further and push it out on Github.

              I'm realising one big problem, every five days my pfSense just crashes. This has happened for the second time now. Squid is on splice all, I don't understand why. 4.1 E2G is giving me such a love and hate relationship with it. But even then it's way better than Squid Guard, which is shocking.

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                The system crash maybe related to memory or system resources exhausted. The crash I'm getting without splice all are just daemon Segmentation fault.

                Try to "refresh" process every two days for example with a script on cron and see if these dumps stop happening.

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • P
                  pfsensation
                  last edited by

                  @marcelloc:

                  The system crash maybe related to memory or system resources exhausted. The crash I'm getting without splice all are just daemon Segmentation fault.

                  Try to "refresh" process every two days for example with a script on cron and see if these dumps stop happening.

                  The max my entire memory usage goes to is 50% average 20% on top of that cpu utilisation is very low. Usually 0.20 load average on a multi core processor.

                  Also I decreased HTTP workers after last time to 200. I don't think it's a utilisation problem at all, because it happens only after 5 days always.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfsensation
                    last edited by

                    Hmm what happened to this thread? :o

                    Marcelloc, I'm considering reinstalling everything and starting from scratch. I really don't know what's going on, since I installed E2guardian 4. I'm getting sudden crashes, dhcp stops working. It's really doing my head in. Can I take a backup of my setup, and reinstall pfsense then restore it? I'm asking this again because obviously WPAD and E2guardian packages are both on your unofficial repo.

                    Also if I restore, I can use the existing certificates right? No need to generate new ones.

                    Edit : I've tried running a couple fsck's still no joy.

                    1 Reply Last reply Reply Quote 1
                    • marcellocM
                      marcelloc
                      last edited by

                      With the xml backup, you can restore everything.

                      Before you restore the backup, enable the Unofficial repo.

                      Do you have another hardware to test?

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      1 Reply Last reply Reply Quote 0
                      • P
                        pfsensation
                        last edited by

                        @marcelloc:

                        With the xml backup, you can restore everything.

                        Before you restore the backup, enable the Unofficial repo.

                        Do you have another hardware to test?

                        No I haven't got other hardware to test, but I may try in a VM.

                        I am getting this if I try updating via console :
                        pkg: Repository Unofficial load error: access repo file(/var/db/pkg/repo-Unofficial.sqlite) failed: No such file or directory

                        I tried reinstalling the repo. That seemed to fix it.

                        Is E2Guardian really working perfectly for you and fully stable?

                        1 Reply Last reply Reply Quote 0
                        • P
                          pfsensation
                          last edited by

                          I got to a point where the constant crashes got so annoying. I completely backed up everything via the webUi on pfSense, then reinstalled pfSense. Once reinstalled, I clicked through the installer, enabled the unofficial repository, restored my backup.

                          And now we're back to square one, I am beginning to think E2Guardian is really messed up. And it has nothing to do with me having corrupt files or anything like that.

                          To begin with, E2Guardian isn't even starting, and yes I got the blacklist…

                          Jul 17 14:05:45	php-fpm	14191	/pkg_edit.php: Starting E2guardian
                          Jul 17 14:05:46	php-fpm	27416	/pkg_edit.php: Restarting e2g by sending -Q action to e2g binaries
                          Jul 17 14:05:50	e2guardian	27174	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:05:50	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:05:50	php-fpm	14191	/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. Error opening/creating log file. (check ownership and access rights). I am running as clamav and I am trying to open /var/log/e2guardian/access.log /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
                          Jul 17 14:05:51	e2guardian	27743	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:05:55	e2guardian	28982	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:05:55	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:06:15	check_reload_status		Syncing firewall
                          Jul 17 14:06:20	php		/etc/rc.packages: Beginning package installation for E2guardian4 .
                          Jul 17 14:06:20	check_reload_status		Syncing firewall
                          Jul 17 14:06:20	php		/etc/rc.packages: [E2guardian] - Save settings package call pr: bp:1 rpc:no
                          Jul 17 14:06:20	check_reload_status		Syncing firewall
                          Jul 17 14:06:21	php		/etc/rc.packages: [E2guardian] - Save settings package call pr: bp:1 rpc:no
                          
                          
                          Time	Process	PID	Message
                          Jul 17 14:06:57	check_reload_status		Syncing firewall
                          Jul 17 14:07:02	e2guardian	68196	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:07:02	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:07:05	e2guardian	70947	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:07:05	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:07:19	e2guardian	1958	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:07:19	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:07:34	e2guardian	6191	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:07:34	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:07:49	e2guardian	8308	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:07:49	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:04	e2guardian	10433	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:04	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:05	e2guardian	13336	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:05	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:19	e2guardian	43872	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:19	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:20	e2guardian	45145	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:20	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:34	e2guardian	51342	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:34	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:08:49	e2guardian	53350	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:08:49	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:09:04	e2guardian	55584	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:09:04	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:09:04	e2guardian	58324	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:09:05	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:09:12	php-fpm	59986	/pkg_edit.php: Starting E2guardian
                          Jul 17 14:09:12	php-fpm	91139	/pkg_edit.php: Restarting e2g by sending -Q action to e2g binaries
                          Jul 17 14:09:22	e2guardian	91549	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:09:22	e2guardian	90889	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:09:22	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          
                          Jul 17 14:16:58	php-fpm	33206	/pkg_edit.php: Starting E2guardian
                          Jul 17 14:16:59	php-fpm	57665	/pkg_edit.php: Restarting e2g by sending -Q action to e2g binaries
                          Jul 17 14:17:00	php-fpm	61687	/pkg_edit.php: Restarting e2g by sending -Q action to e2g binaries
                          Jul 17 14:17:08	e2guardian	57477	Error opening/creating log file. (check ownership and access rights).
                          Jul 17 14:17:08	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          Jul 17 14:17:08	php-fpm	33206	/pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. Error opening/creating log file. (check ownership and access rights). I am running as clamav and I am trying to open /var/log/e2guardian/access.log /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                          

                          Marcello, PLEASE HELP ME GET THE DAMN THING WORKING AT A STABLE LEVEL AGAIN. I was extremely happy with E2Guardian 3.5.1, yes it had a few hiccups but nothing as bad as the entire service not starting or it causing kernel panics…

                          PS: For the record, I also tried on a VM. Same problem, so there is defintely something messed up. Please look into it, I believe even others lost interest in this after battling it so long.

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            Change log folder permissions to fix 'Error opening/creating log '

                            chmod 755 /var/log/e2guardian

                            This is already fixed on the repository but I did not had time to build the  package with the fix.

                            https://github.com/marcelloc/Unofficial-pfSense-packages/commit/6d05335a361b0728c92d58f702c59942f929223a

                            https://github.com/marcelloc/Unofficial-pfSense-packages/commit/87f7d85500cfc9fd727755caf0af0f048dc33c47

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • P
                              pfsensation
                              last edited by

                              So I completely re-did everything from scratch without any restoration, and now E2Guardian installed and seems to be running as it is. It just goes to show that reinstallation wasn't properly cleaning out old files and whatnot.

                              I really hope this is the end of the problems, spent hours re-doing my entire home network, can you imagine if it was a business…Holy sh**.

                              1 Reply Last reply Reply Quote 0
                              • P
                                pfsensation
                                last edited by

                                Knew it was too good to be true…When enabling MITM E2Guardian crashes and I get this message...

                                Jul 17 18:07:29	e2guardian	37635	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/89/10/A3/
                                Jul 17 18:08:21	e2guardian	42062	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/24/23/4C/
                                Jul 17 18:08:21	e2guardian	42062	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/E7/68/28/
                                Jul 17 18:08:43	e2guardian	38076	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:08:50	e2guardian	44549	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:09:04	e2guardian	50240	I seem to be running already!
                                Jul 17 18:09:05	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
                                Jul 17 18:09:05	e2guardian	50373	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:09:05	e2guardian	50373	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:09:21	e2guardian	55323	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:09:21	e2guardian	55323	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:09:36	e2guardian	58136	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/EE/A5/29/
                                Jul 17 18:10:49	e2guardian	89063	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/34/C2/56/
                                Jul 17 18:10:58	e2guardian	59576	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/
                                Jul 17 18:11:08	e2guardian	41367	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/47/50/89/
                                Jul 17 18:11:21	e2guardian	44722	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/34/C2/56/
                                Jul 17 17:12:01	check_reload_status		Syncing firewall
                                

                                Changed permissions to 775, now working. This shouldn't be happening…It's been reported (and fixed?) I thought.

                                EDIT: Why do the unofficial packages keep disappearing off the "installed packages" widget? I noticed this mainly when I started using Multi-Wan, but strange because it doesn't seem to effect official packages, they show up just fine.

                                From now on I suggest you keep a old pfSense VM, which you don't wipe out everytime you test E2Guardian, instead one which you keep upgrading to the latest version. That's what most users will be doing, no one actually has the time to keep re-doing their entire network. It maybe quick on a VM, but in a production environment, it can take ages.
                                Static IP setup, WPAD setup, E2Guardian setup, any bandwidth limit setup, NATs, port forwards, rules….Etc, you get the idea, it becomes complicated and time consuming.

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kenrutt
                                  last edited by

                                  Hey guys,
                                  I am a newbie here and don't know much, but I noticed the error listings in those log files.
                                  I had the same trouble. I figured out there is a problem with file and or directory permissions.
                                  I figured out how to change permissions and things worked a lot better. And that is with MITM working.

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    @pfsensation:

                                    Awesome if you can properly add this. I can improve my block page further and push it out on Github.

                                    Just added to my project on github

                                    https://github.com/marcelloc/Unofficial-pfSense-packages/commit/dbe1d3fcb865b58e08cd2ed0be1a349f6321a45d

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • marcellocM
                                      marcelloc
                                      last edited by

                                      @pfsensation:

                                      Knew it was too good to be true…When enabling MITM E2Guardian crashes and I get this message...

                                      Jul 17 18:07:29	e2guardian	37635	error creating certificate sub-directory: /usr/local/etc/e2guardian/ssl/generatedcerts/89/10/A3/
                                      

                                      Changed permissions to 775, now working. This shouldn't be happening…It's been reported (and fixed?) I thought.

                                      Fix file permissions on system instead of reinstalling it. I'll push a new version with permission fixes, categories on blacklist files and a warning when you have .Include lines on default e2guardian config files that are not present on filesystem.

                                      @pfsensation:

                                      EDIT: Why do the unofficial packages keep disappearing off the "installed packages" widget? I noticed this mainly when I started using Multi-Wan, but strange because it doesn't seem to effect official packages, they show up just fine.

                                      I have no idea. The repo files are there. I never saw github offline.

                                      @pfsensation:

                                      From now on I suggest you keep a old pfSense VM, which you don't wipe out everytime you test E2Guardian, instead one which you keep upgrading to the latest version. That's what most users will be doing, no one actually has the time to keep re-doing their entire network. It maybe quick on a VM, but in a production environment, it can take ages.
                                      Static IP setup, WPAD setup, E2Guardian setup, any bandwidth limit setup, NATs, port forwards, rules….Etc, you get the idea, it becomes complicated and time consuming.

                                      What I understood from other posts you did it to see if a clean install will not core dump you SO every 5 days. There is no need to clean and redo all configuration every time.
                                      I'm improving the package and applying every binary fixes form e2guardian project to pfSense package. So, some times, while trying to improve or fix something may get a regression on other part. The 3.5.1 package version is the same for a long time as I understand it's in a stable state with as much as v3.5 can offer.

                                      According to e2guardian project, v5 will be there soon and since it gets available, I'll stop improving v4 package and start migrating gui and conf files to v5 and I hope the transparent ssl gets implemented as soon as v5 is released.

                                      This project is really big and take me a lot of free time to maintain until it gets stable and complete enough for a pull request on official repo.

                                      I'm also the maintainer of the e2guardian port on freebsd ports.

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by

                                        Pushed 0.4.2.6 to Unofficial repo.

                                        This version includes:

                                        • Categories on blacklist files

                                        • Fix file permission regression

                                        • Check for missing include files selected from default sample e2guardian config files on acl save.

                                        • E2guardian binary version 4.1.2

                                        If you have any issues updating, installing or reinstalling, check on console or system logs what errors you are receiving.

                                        if its related to permissions, try

                                        chmod 755 /usr/local/etc/e2guardian/ssl
                                        chmod 755 /var/log/e2guardian
                                        

                                        if you get config dirs missing or openssl libs, try to force a binaries package reinstall from console with

                                        pkg install -f e2guardian
                                        

                                        Do not forget to apply the blacklist, check config on gui, save and apply.

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          pfsensation
                                          last edited by

                                          @marcelloc:

                                          Pushed 0.4.2.6 to Unofficial repo.

                                          This version includes:

                                          • Categories on blacklist files

                                          • Fix file permission regression

                                          • Check for missing include files selected from default sample e2guardian config files on acl save.

                                          • E2guardian binary version 4.1.2

                                          If you have any issues updating, installing or reinstalling, check on console or system logs what errors you are receiving.

                                          if its related to permissions, try

                                          chmod 755 /usr/local/etc/e2guardian/ssl
                                          chmod 755 /var/log/e2guardian
                                          

                                          if you get config dirs missing or openssl libs, try to force a binaries package reinstall from console with

                                          pkg install -f e2guardian
                                          

                                          Do not forget to apply the blacklist, check config on gui, save and apply.

                                          So I just upgraded to the latest 0.4.2.6, via the upgrade button on package manager. Immediately after the upgrade finished I downloaded the black list again, and re applied the configuration. Then I tried going to a blocked site to see it the black list categories showed… To my surprise nope. So I tried completely uninstalling and installing again, then checked the black listed sites again. Still no joy.

                                          Reinstalled again, tried again, no categories shown on black list still... So then I decided to completely stop E2Guardian. So I unchecked the checkmark which says "Enable or disable E2Guardian service", and turned off the watch dog script. To my surprise, E2 Guardian was still running even after re-applying configuration.

                                          This told me that the process wasn't being properly killed. I confirmed this by going to SSH and typing "top". And yep, E2 Guardian was still running when it shouldn't be, I killed it using the process ID. 
                                          Enabled E2Guardian from the GUI and enabled watch dog, went to a black listed sites and categories finally showed. However, very unclearly. It says said "porn" it should say Category: Porn clearly but that is a minor thing and can be fixed in the future.

                                          The problem I faced means a couple of things Marcello:

                                          • When upgrading old E2 Guardian isn't killed off before carrying out the update, which may lead to some files not correctly updating because they're in use or cause corruption. (Thought you addressed this before?)

                                          • Somehow you must make sure that old files are ALWAYS deleted off while retaining configs, by this I mean old binaries and left over junk (even phrase lists should always reinstall) in case of any updates.

                                          • Clean installing E2Guardian for the first time vs upgrading shouldn't cause problems. Because on my old install I upgraded from 3.5.1 and all test versions, many things may have become corrupted and I was getting core dumps. After a clean reinstall it seems better however I am worried I'll be in the same situation again. Therefore please make sure that you can do what you can go make sure files, update correctly and aren't getting corrupted. I will support you as much as I can but I need you to understand that by the word "Consistency" I mean old installs upgrading should work just as well as clean fresh installs on a pfsense box which never had E2Guardian before.

                                          I hope I've been clear, and I'd like to clarify that I really want E2Guardian to work and be a real solution to filtering on pfSense, but I hope you also understand that we can't still have basic problems like permission issues. When something is reported and supposedly fixed, it should stay fixed. :p

                                          Despite everything, you deserve thanks and appreciation for all your hard work. I know it's a big project, and I've even contributed some commits to help stop some overblocking yesterday.
                                          I'm willing to help you as much as I can, however could you please try to make sure that consistency is maintained as much as possible. So that people upgrading from older versions of E2 Guardian get the same experience as people installing it fresh (without any problems or having to keep reinstalling).

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            Just updated on one of the e2guardian installations I have and blacklist category was applied to files after clicking "Re-apply current blacklist" without any other hack or pkg changes.

                                            tail -1 /usr/local/etc/e2guardian/lists/blacklists/*/domains

                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/adv/domains <==
                                            #listcategory: "adv"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/aggressive/domains <==
                                            #listcategory: "aggressive"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/alcohol/domains <==
                                            #listcategory: "alcohol"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/anonvpn/domains <==
                                            #listcategory: "anonvpn"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/chat/domains <==
                                            #listcategory: "chat"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/costtraps/domains <==
                                            #listcategory: "costtraps"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/dating/domains <==
                                            #listcategory: "dating"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/downloads/domains <==
                                            #listcategory: "downloads"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/drugs/domains <==
                                            #listcategory: "drugs"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/dynamic/domains <==
                                            #listcategory: "dynamic"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/fortunetelling/domains <==
                                            #listcategory: "fortunetelling"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/forum/domains <==
                                            #listcategory: "forum"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/gamble/domains <==
                                            #listcategory: "gamble"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/government/domains <==
                                            #listcategory: "government"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/hacking/domains <==
                                            #listcategory: "hacking"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/homestyle/domains <==
                                            #listcategory: "homestyle"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/hospitals/domains <==
                                            #listcategory: "hospitals"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/imagehosting/domains <==
                                            #listcategory: "imagehosting"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/isp/domains <==
                                            #listcategory: "isp"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/jobsearch/domains <==
                                            #listcategory: "jobsearch"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/library/domains <==
                                            #listcategory: "library"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/military/domains <==
                                            #listcategory: "military"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/models/domains <==
                                            #listcategory: "models"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/movies/domains <==
                                            #listcategory: "movies"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/music/domains <==
                                            #listcategory: "music"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/news/domains <==
                                            #listcategory: "news"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/podcasts/domains <==
                                            #listcategory: "podcasts"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/politics/domains <==
                                            #listcategory: "politics"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/porn/domains <==
                                            #listcategory: "porn"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/radiotv/domains <==
                                            #listcategory: "radiotv"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/redirector/domains <==
                                            #listcategory: "redirector"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/religion/domains <==
                                            #listcategory: "religion"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/remotecontrol/domains <==
                                            #listcategory: "remotecontrol"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/ringtones/domains <==
                                            #listcategory: "ringtones"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/searchengines/domains <==
                                            #listcategory: "searchengines"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/shopping/domains <==
                                            #listcategory: "shopping"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/socialnet/domains <==
                                            #listcategory: "socialnet"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/spyware/domains <==
                                            #listcategory: "spyware"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/tracker/domains <==
                                            #listcategory: "tracker"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/updatesites/domains <==
                                            #listcategory: "updatesites"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/urlshortener/domains <==
                                            #listcategory: "urlshortener"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/violence/domains <==
                                            #listcategory: "violence"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/warez/domains <==
                                            #listcategory: "warez"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/weapons/domains <==
                                            #listcategory: "weapons"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/webmail/domains <==
                                            #listcategory: "webmail"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/webphone/domains <==
                                            #listcategory: "webphone"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/webradio/domains <==
                                            #listcategory: "webradio"
                                            
                                            ==> /usr/local/etc/e2guardian/lists/blacklists/webtv/domains <==
                                            #listcategory: "webtv"
                                            
                                            

                                            @pfsensation:

                                            Enabled E2Guardian from the GUI and enabled watch dog, went to a black listed sites and categories finally showed. However, very unclearly. It says said "porn" it should say Category: Porn clearly but that is a minor thing and can be fixed in the future.

                                            I guess it's better to include the 'Category:' on html template.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.