Edit squidguard configuration manualy + doubts



  • Hi,

    There is a lot of configurations for squidguard in pfsense :
    there is in /usr/local/etc/
    There is in /conf/config.xml

    Witch one can I edit ? I've tried config.xml but nothing has changed.

    I want to edit it manually because the "Groups ACL" GUI is forcing the "all" rule over each group rule witch makes impossible to do "cumulative rules" ie :

    192.168.0.0/24 = no social network, no ads
    192.168.0.55 = social network allowed

    In order to do that I must not specify the "all" rule : neither deny or allow

    I have also doubts about the "common ACL" : If I define a "Groups ACL" then the common one is not used ? What is it's priority over all ACLS ?



  • It is best to use the customization through GUI.
    Gui contains are all necessary facilities for you. Also exists FAQ and training videos for SG configure

    Use next ACL's order:
    192.168.0.55 = social network allowed <single ip's="">192.168.0.0/24 = no social network, no ads <all other="" ip="" from="" subnet="">The common ACL don't apply for IP's if defined Group ACL for this IP's.</all></single>



  • Hi, Thank you for your help.

    What I want to achieve is to "cumulate" the rule of 192.168.0.55 with 192.168.0.0/24 in order to avoid to manage to common denial rules.

    For instance, Right now, the 192.168.0.55 is not ads filtered.

    This is due to the fact that the GUI adds me the "all" rule to each groups acl rule. I need a kind of "–-" option to the Default access [all]"

    Is it possible ?

    Best regards,



  • @zeratoun:

    What I want to achieve is to "cumulate" the rule of 192.168.0.55 with 192.168.0.0/24 in order to avoid to manage to common denial rules.
    Is it possible ?

    No. Each ACL contains self Rulez Set. And you must arrange ACLs with narrow Src before ACL with wide Src.



  • It's a shame :( I'll do then with the hard way.

    Thank you very much.

    P.S. : it would be great to have a "copy rule" button …... my mouse will die of so much deny click ..... ;)


Locked