Add Blocklist to squid/squidGuard

Xthink

Can someone please please point me to any tutorial/reference on how to add blocklist (ip list) on squid/squidGuard blocklist. It seems it only accept URL and domain.

I'm using the latest snapshot build in vmware on my testing.

dvserg

Tutorials is a bottom: V

Xthink

Thank you. That is the same tutorial that helps me with squidGuard. But I can't find how to add ip's on the destination list. It only ask for domain and/or URL and don't accept ip.

Xthink

Or maybe I just don't do it right. The error message is:

_The following input errors were detected:

DEST 'Tor': Item '12.161.212.22-12.161.212.22 18.42.3.252-18.42.3.252 18.181.2.107-18.181.2.107
…............................  .................. ...................
many more ip ranges  .........
222.254.71.173-222.254.71.173' is not a url._

I used the list from http://list.iblocklist.com/?list=tor just to test. I just use the ip and delete the "The Onion Router:" string.

dvserg

Try expression
192.168.1.2 or 192.168.1.105 or 10.0.0.0\24

(192.168.1.2)|(192\168.1.105)|(10.0\0..*)

. mean '.'
. mean any symbol
.* mean any symbolS

Xthink

Didn't try it yet but do you think this

(12.161.212.22)-(12.161.212.66)

will work for ranges?

(12.161.212..*) will block other ip's that should not be.

dvserg

@Xthink:

Didn't try it yet but do you think this

(12.161.212.22)-(12.161.212.66)

will work for ranges?

(12.161.212..*) will block other ip's that should not be.

Range not work. Probably
(12.161.212.2.)|(12.161.212.3.)|(12.161.212.3.)|(12.161.212.5.)|(12.161.212.6.)

Must block 12.161.212.2x (not 2xx)  12.161.212.3x …

Xthink

Thanks dvserg.
One last thing regarding squid/squidGuard, shall I only place my blocklist on squidGuard or will the blocklist directly placed on squid be read and applied too?

dvserg

My posts before for SquidGuard - Destinations.
You can select deny for this destination in SG rules (Default and ACL)
Squid have self black/white lists.

Xthink

Can I manually edit squid.conf or squidguard.conf?
Will an update on the gui erase the manual setting?

dvserg

@Xthink:

Can I manually edit squid.conf or squidguard.conf?
Will an update on the gui erase the manual setting?

• Possible
• Yes. If you Save Gui changes or reboot you pfSense.