    SquidGuard Blacklists

    • Q
      qwaven last edited by

      Hello,

      I'm new with the whole pfSense system and I've been trying to set up pfSense with Squid+SquidGuard to use blacklists.

      I've installed everything but I can't figure out where to go to select which blacklists to use. I'm using the Shalla list and have downloaded it using the download tool in the GUI.

      I've looked at a few tutorials and one of them had some screenshots showing a tab called "default" which I do not see. I'm not sure if this is just from an older version or if something is wrong (or I'm missing something) with my setup.

      Please help!

      Note: I've included a few screenshots of my UI.

      Thanks. :)




      • D
        dvserg last edited by

        Now look at 'Common ACL' to configure filter rules.

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        • Q
          qwaven last edited by

          Thanks for the info. I didn't notice that little green button beside the Target Rules List. :)

          Is it possible to create multiple lists for different groups?

          Thanks!

          • D
            dvserg last edited by

            @qwaven:

            Thanks for the info. I didn't notice that little green button beside the Target Rules List. :)

            Is it possible to create multiple lists for different groups?

            Thanks!

            Yes - Special ACL

            • Q
              qwaven last edited by

              Oh I see it now. Not under 'common' but under 'special' :)

              Thanks for your help.

              • D
                dvserg last edited by

                @qwaven:

                Oh I see it now. Not under 'common' but under 'special' :)

                Thanks for your help.

                I just can not find another name for this tab. Can someone suggest another option?

                • Q
                  qwaven last edited by

                  Are you talking about the names for Common and Special? I'd call them Common = Global and Special = Groups or Custom. :)

                  Cheers!

                  • D
                    dvserg last edited by

                    @qwaven:

                    Are you talking about the names for Common and Special? I'd call them Common = Global and Special = Groups or Custom. :)

                    Cheers!

                    'Common' fairly accurately describes its role as the setting for all those who have no special settings. Perhaps "Groups ACL" is closer to the meaning than "Special ACL".
                    Thanks.

                    • Q
                      qwaven last edited by

                      Still seem to be having issues.

                      I've set it up as follows.

                      [internet] – [main router/firewall] – [pfsense] – [switch] – [lan]

                      - pfSense is in bridging mode
                      - I don't seem to be able to browse at all when I try and use transparent mode
                      - When browsing through the proxy manually, I go to a site that shows HTTP headers and I see I'm on a proxy. Yet none of my filter rules seem to apply. I've tried using 'common', 'special', and 'target cat…'

                      Thoughts?

                      • D
                        dvserg last edited by

                        @qwaven:

                        Still seem to be having issues.

                        I've set it up as follows.

                        [internet] – [main router/firewall] – [pfsense] – [switch] – [lan]

                        - pfSense is in bridging mode
                        - I don't seem to be able to browse at all when I try and use transparent mode
                        - When browsing through the proxy manually, I go to a site that shows HTTP headers and I see I'm on a proxy. Yet none of my filter rules seem to apply. I've tried using 'common', 'special', and 'target cat…'

                        In bridging mode, transparent mode does not work.
                        Show your SG config.

                        • Q
                          qwaven last edited by

                          Is there a way I can export my config or do I need to screenshot?

                          Thanks.

                          • D
                            dvserg last edited by

                            @qwaven:

                            Is there a way I can export my config or do I need to screenshot?

                            Thanks.

                            Log > Proxy filter config. Copy-paste

                            • Q
                              qwaven last edited by

                              Oh thanks. :)

                              
                              # Do not edit manually !
                              http_port 10.10.200.254:8080
                              icp_port 0
                              
                              pid_filename /var/run/squid.pid
                              cache_effective_user proxy
                              cache_effective_group proxy
                              error_directory /usr/local/etc/squid/errors/English
                              icon_directory /usr/local/etc/squid/icons
                              visible_hostname ffdfw002
                              cache_mgr ithelp@dontcare.com
                              access_log /var/log/httpproxy/access.log
                              cache_log /var/log/httpproxy/cache.log
                              cache_store_log none
                              logfile_rotate 8
                              shutdown_lifetime 3 seconds
                              # Allow local network(s) on interface(s)
                              acl localnet src  10.10.200.0/255.255.255.0
                              uri_whitespace strip
                              
                              cache_mem 512 MB
                              maximum_object_size_in_memory 32 KB
                              memory_replacement_policy lru
                              cache_replacement_policy lru
                              cache_dir aufs /var/squid/cache 2500 16 256
                              minimum_object_size 0 KB
                              maximum_object_size 1024 KB
                              offline_mode off
                              cache_swap_low 90
                              cache_swap_high 95
                              
                              # No redirector configured
                              
                              # Setup some default acls
                              acl all src 0.0.0.0/0.0.0.0
                              acl localhost src 127.0.0.1/255.255.255.255
                              acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
                              acl sslports port 443 563  
                              acl manager proto cache_object
                              acl purge method PURGE
                              acl connect method CONNECT
                              acl dynamic urlpath_regex cgi-bin \?
                              acl allowed_subnets src 10.10.200.0/24 
                              cache deny dynamic
                              http_access allow manager localhost
                              
                              http_access deny manager
                              http_access allow purge localhost
                              http_access deny purge
                              http_access deny !safeports
                              http_access deny CONNECT !sslports
                              
                              # Always allow localhost connections
                              http_access allow localhost
                              
                              request_body_max_size 0 KB
                              reply_body_max_size 0 allow all
                              delay_pools 1
                              delay_class 1 2
                              delay_parameters 1 -1/-1 -1/-1
                              delay_initial_bucket_level 100
                              delay_access 1 allow all
                              
                              # Setup allowed acls
                              # Allow local network(s) on interface(s)
                              http_access allow allowed_subnets
                              http_access allow localnet
                              # Custom options
                              redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
                              redirector_bypass on
                              redirect_children 3
                              # Default block all to be sure
                              http_access deny all
                              
                              

                              Thoughts?

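An added example, not part of any post in this thread and not pfSense or squidGuard code: a short Python check of how the redirector is wired into a squid.conf like the one pasted above, including whether filtering fails open. `SAMPLE_CONF` is a constructed excerpt of that paste, the function names are hypothetical, and the `url_rewrite_*` spellings are an assumption about newer Squid releases.

```python
import re

# Constructed excerpt: the redirector-related lines of the squid.conf posted above.
SAMPLE_CONF = """\
# No redirector configured
http_access allow localnet
# Custom options
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3
http_access deny all
"""

# Old and new Squid names for the same three directives (the new names are an
# assumption about which Squid release the file is written for).
PROGRAM = ("redirect_program", "url_rewrite_program")
BYPASS = ("redirector_bypass", "url_rewrite_bypass")
CHILDREN = ("redirect_children", "url_rewrite_children")


def parse_directives(text):
    """Map each directive name to the list of its argument strings, in file order."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        name, *rest = line.split(None, 1)
        found.setdefault(name, []).append(rest[0] if rest else "")
    return found


def audit_redirector(text):
    """Report whether and how requests are handed to the squidGuard redirector."""
    d = parse_directives(text)
    last = lambda names: next((d[n][-1] for n in names if n in d), None)
    program, bypass, children = last(PROGRAM), last(BYPASS), last(CHILDREN)
    report = {"program": program, "sg_conf": None, "children": None,
              "fail_open": False, "findings": []}
    if program is None:
        report["findings"].append("no redirector line: squidGuard is never called")
        return report
    conf = re.search(r"(?:^|\s)-c\s+(\S+)", program)
    report["sg_conf"] = conf.group(1) if conf else None
    report["children"] = int(children) if children and children.isdigit() else None
    if bypass == "on":
        report["fail_open"] = True  # Squid skips the redirector when all helpers are busy
        report["findings"].append("bypass on: unfiltered when all helpers are busy")
    return report
```

The `sg_conf` path it reports is the squidGuard file that holds the actual ACL and blacklist rules, which is a separate file from the squid.conf shown in the post.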