Unofficial E2guardian package for pfSense
-
@ucribrahim said in Unofficial E2guardian package for pfSense:
@pfsensation I just tried again, over and over, but damn it. I didn't understand while I was reading your instructions. I'm just confused, could you please tell me the steps one by one that I need to do to install e2guardian in the 2.4.4 version of pfSense?
Thank you.
Copy and paste the patch in, as I've done in the screenshot below
Then save it, press test and then apply the patch. Now if you go to the package manager, you will see E2 Guardian!
-
@asterix said in Unofficial E2guardian package for pfSense:
Getting this PHP error.. in crash reports.
PHP ERROR: Type: 1, File: /etc/inc/service-utils.inc, Line: 668, Message: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}
I haven't experienced that at all, is this after upgrading to 2.4.4?
Go ahead and start by re-installing E2 Guardian and see if that removes the error.
-
Again crashed. Did a reinstall yesterday. Looks like the log rotation script is killing it.
amd64
11.2-RELEASE-p3
FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}
thrown in /etc/inc/service-utils.inc on line 668
No FreeBSD crash data found.
-
@asterix said in Unofficial E2guardian package for pfSense:
Again crashed. Did a reinstall yesterday. Looks like the log rotation script is killing it.
amd64
11.2-RELEASE-p3
FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[27-Sep-2018 00:00:00 America/New_York] PHP Fatal error: Uncaught ArgumentCountError: Too few arguments to function service_control_stop(), 1 passed in /usr/local/www/e2guardian_logrotate.php on line 42 and exactly 2 expected in /etc/inc/service-utils.inc:668
Stack trace:
#0 /usr/local/www/e2guardian_logrotate.php(42): service_control_stop('e2guardian')
#1 {main}
thrown in /etc/inc/service-utils.inc on line 668
No FreeBSD crash data found.
I experienced it today. Yeah it looks like the log rotate script is what's causing the crash. Which means logs won't be rotated. I'll have a look at it when I have a chance.
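
The fatal error quoted above is PHP's argument-count check: `e2guardian_logrotate.php` passes one argument to a function that requires two. The block below is an added example, not part of the thread and not the package's or pfSense's code; `service_control_stop()` here is a stand-in that only mirrors the arity in the crash log, `call_service_control()` is a hypothetical helper, and passing an empty array as the second argument is an assumption.

```php
<?php
// Stand-in with the arity reported in the crash log (exactly 2 required
// parameters). The real function lives in /etc/inc/service-utils.inc and its
// body is not shown in this thread; the name $extras is a placeholder.
function service_control_stop($name, $extras)
{
    return "stop requested for {$name}";
}

// Hypothetical helper: ask PHP how many parameters the installed function
// requires and build the argument list to match, so one call site works
// whether the function takes one argument or two.
function call_service_control(string $fn, string $service, array $extras = array())
{
    $required = (new ReflectionFunction($fn))->getNumberOfRequiredParameters();
    $args = array($service);
    if ($required >= 2) {
        // Assumption: an empty array is an acceptable second argument.
        $args[] = $extras;
    }
    if ($required > count($args)) {
        throw new RuntimeException("{$fn}() needs {$required} arguments; refusing to guess");
    }
    return $fn(...$args);
}

// 1. The call from e2guardian_logrotate.php line 42, as shown in the stack trace.
try {
    service_control_stop('e2guardian');
} catch (ArgumentCountError $e) {
    // Left uncaught, this is the fatal error in the crash report: the script
    // dies at this call, before any log is rotated.
    echo "caught: ", $e->getMessage(), PHP_EOL;
}

// 2. The same stop request through the arity-aware helper.
echo call_service_control('service_control_stop', 'e2guardian'), PHP_EOL;
```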
-
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
-
Is there an option to edit first post in topic how to get e2guardian to show up at least in list?
-
I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.
I am on Pfsense 2.4.4
-
Same situation here, following along and waiting for Marcello's reply.
-
@ravegen said in Unofficial E2guardian package for pfSense:
I have FQDN in one Firewall Alias that I created and used on Bypass Proxy for These Source IPs and Bypass Proxy for These Destination IPs. The problem is, I guess it is not working on alias because it is not bypassing on those FQDN but when I put it direct, it bypasses it properly.
I am on Pfsense 2.4.4
I'm doing something very similar to allow certain websites to bypass E2 Guardian. What's your alias type? You may have got that set incorrectly, because it works fine for me.
-
My alias type is HOST.
Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.
I noticed that when I placed sites, aliases and IP addresses on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made show on the realtime log, then I believe it is not working.
-
@ravegen said in Unofficial E2guardian package for pfSense:
My alias type is HOST.
Yes, I have this configuration work. But now I have so many aliases at ip addresses placed there. I do not know if there is a limitation on how many aliases or ip addresses to place on that bypass list.
I noticed that when I placed sites, aliases and IP addresses on the bypass list, those will not appear on the realtime log. However, since the sites on the aliases I made show on the realtime log, then I believe it is not working.
After placing new entries in your alias, are you going back to E2 Guardian and pressing save then apply? You need to actually restart the E2 Guardian daemon for the changes to take effect right away. It's just how it works unfortunately, E2 Guardian will only resolve the hosts in your alias when it starts up. That process seems to work for me, and allows me to keep the E2 Guardian GUI cleaner without having too many bypasses directly in there.
-
I have another question about bypass list in e2guardian.
Why are there some sites that, even if you put them in the exception list in the ACL, still do not work or are inaccessible, so that you need to put them in the bypass list?
Why is that? What is wrong with those sites ?
-
@ravegen said in Unofficial E2guardian package for pfSense:
I have another question about bypass list in e2guardian.
Why are there some sites that, even if you put them in the exception list in the ACL, still do not work or are inaccessible, so that you need to put them in the bypass list?
Why is that? What is wrong with those sites ?
What sites? How are you accessing those sites? What's the error log?
-
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
-
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
What do you mean about config issue?
The real time log does not show any block on a particular site or URL.
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
What do you mean about config issue?
The real time log does not show any block on a particular site or URL.
So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.
But if possible provide those URLs so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.
Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?
What do you mean about config issue?
The real time log does not show any block on a particular site or URL.
So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.
But if possible provide those URLs so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it.
Yes, the website doesn't load, doesn't show any e2guardian block error page, doesn't show any error on realtime access log.
But my user says that when she accesses the website at her house with her own internet connection, she can access the site without problem.
So what I just did was make an alias for it and put that on bypass and that solved the problem.
Although it solves the problem, I still want to know why it is not accessible with the pfSense firewall but accessible from her house. I already checked the firewall rules and no rule in particular blocks such websites.
I have Snort running but my Snort's purpose is for blocking malware, and the Snort block report does not show any IP address related to those sites that failed to load or had errors loading.
I ONLY have firewall, e2guardian and Snort running on my pfSense. I don't use pfBlocker or any other.
I do use Google DNS, Cloudflare DNS and OpenDNS for my firewall DNS, which my LAN and guest use.
-
@ravegen Have you ever tried entering the website that you are trying to access into the "Bypass for these destination IPs" field in the E2guardian Daemon menu? If yes, that means something else blocks it (maybe squid, if there is one). Let me know after you do that.
-
And nothing is showing up in snort?
Snort needs tweaking to work as you get a lot of false/positive alerts.