Unofficial E2guardian package for pfSense
-
I'm testing Youtube restricted with a specific group, I can't enable the restricted mode on the default group as that would drive all the adults crazy. Anything other than cartoons, or kiddy videos will be blocked on Youtube xD
Try adding all your network cidr on a group different from default. IIRC, this was one of the tests I did.
-
I'm testing Youtube restricted with a specific group, I can't enable the restricted mode on the default group as that would drive all the adults crazy. Anything other than cartoons, or kiddy videos will be blocked on Youtube xD
Try adding all your network cidr on a group different from default. IIRC, this was one of the tests I did.
Just tried this, unfortunately still no joy on the Desktop. Weird… I have tried multiple machines / VM's, none of them went to restricted mode. I don't know what would be the best way to log if the cname rewriting is working, I guess that would help.
-
A question is that a long time a go when dansguardian still was maintained is ident on each client and different lists, is this possible today?
Weak but possible. If you have control on what runs on client because protocol answers can be easily forged by most ident client.
When i come home tomorrow i will enable e2guardian and see and upgrade pfsense too.
Go for it, I upgraded today to 2.4.3, had to re-install E2 Guardian after the update, but since then it's been running without any major hiccups.
-
I am glad the maintainer of this modification and you are so active and actually use it too ;)
-
I wonder also if this e2guardian upgrades to the latest 5.0 beta ?
This upstream proxy in beta 5.0 will be useful for me because of HTTPSproxy and privoxy.
If you do not download the certificate it do not matter you can still browse internet but not be able to filter https but it filter ads on http. -
I wonder also if this e2guardian upgrades to the latest 5.0 beta ?
This upstream proxy in beta 5.0 will be useful for me because of HTTPSproxy and privoxy.
If you do not download the certificate it do not matter you can still browse internet but not be able to filter https but it filter ads on http.Yes, they are from the latest 5.0 version. Beta but much more stable then 4.1
-
Can you check out if this is real or fake squidblacklist
-
Can you check out if this is real or fake squidblacklist
Looks interesting, currently by default we're using ShallaList. If this one is better, it may be worth thinking about switching. Even though E2 Guardian does content scanning, having a good black list means it can save resources. If there are any blacklisted sites, it will block it immediately without spending precious CPU resources scanning the contents of the page.
@Marcelloc, what do you think? I know you've got a little VM environment setup for testing, would this work without causing any major issues? I'd try it myself, but I am out today, and have work tomorrow as the holidays are over.
-
E2guardian list is returning a 404 but the squid link ok.
https://www.squidblacklist.org/downloads/squid-malicious.acl
to use on e2guardian, just remove the fist . of each line.
this script will fetch the file and remove the .
#!/bin/sh list=/usr/local/etc/e2guardian/lists/squidblacklist.list /usr/bin/fetch -o $list https://www.squidblacklist.org/downloads/dg-malicious.acl /usr/local/sbin/e2guardian -Q
You can save this script on your pfsense and update it every day for example.
On e2guardian config, include it on your acl with this line
.Include
-
E2guardian list is returning a 404 but the squid link ok.
https://www.squidblacklist.org/downloads/squid-malicious.acl
to use on e2guardian, just remove the fist . of each line.
this script will fetch the file and remove the .
#!/bin/sh list=/usr/local/etc/e2guardian/lists/squidblacklist.list /usr/bin/fetch -o $list https://www.squidblacklist.org/downloads/dg-malicious.acl /usr/local/sbin/e2guardian -Q
You can save this script on your pfsense and update it every day for example.
On e2guardian config, include it on your acl with this line
.Include
I think it maybe best to wait for them to fix the issue before diving in. On first glance, how does it compare to ShallaList? Better?
-
I think it maybe best to wait for them to fix the issue before diving in
It's fixed now.
-
I think it maybe best to wait for them to fix the issue before diving in
It's fixed now.
On first glance, how does it compare to ShallaList?
ShallaList has more categories but I think it's not updated very often.
-
It is actually a paid service http://www.squidblacklist.org
-
Your script gave me
sh /usr/local/Scripts/Blacklist-update.sh : not foundScripts/Blacklist-update.sh: : Not Founds://www.squidblacklist.org/downloads/dg-malicious.acl /usr/local/Scripts/Blacklist-update.sh: /usr/local/sbin/e2guardian: Permission denied
So where do you place the script?
I do think i have some error as getting these errors to in GUI
Notices Filter Reload There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 20:23:54 There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 20:24:03 There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 21:41:08
-
I do think i have some error as getting these errors to in GUI
Notices Filter Reload There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 20:23:54 There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 20:24:03 There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2018-04-02 21:41:08
this error is related do ipv6 bogons netowork alias
https://forum.pfsense.org/index.php?topic=50141.0
-
Your script gave me
sh /usr/local/Scripts/Blacklist-update.sh : not foundScripts/Blacklist-update.sh: : Not Founds://www.squidblacklist.org/downloads/dg-malicious.acl /usr/local/Scripts/Blacklist-update.sh: /usr/local/sbin/e2guardian: Permission denied
So where do you place the script?
looks like you're calling the script not on the same folder you saved it or the content does not match what I've posted or you are not running it as root.
-
Things is starting to function, for now i see everything is working also upstream proxy (proxHTTPS and privoxy) ;)
There is a lot to test out but only when i am alone on the network :) -
Why do you need an upstream proxy?
-
I've been getting a few crashes recently here and there. Not sure if it is just my configuration, E2 Guardian just randomly seems to stop.
I've got 1000 HTTP workers, and resource usage seems to be fine. The below is what I see in system logs:
Apr 4 08:17:44 php-fpm 76879 /rc.start_packages: [E2guardian] - Detected boot process pr:1 bp:1 rpc:no
Apr 4 08:17:44 php-fpm 76879 /rc.start_packages: [E2guardian] - Aborting config file generation -
Why do you need an upstream proxy?
Under General Misc settings you have misc options
"If you have the "usexforwardedfor" option enabled, you may want to specify the IPs from which this kind of header is allowed, such as another upstream proxy server for instance If you want authorize multiple IPs, specify each one on an individual xforwardedforfilterip line."