3. SquidGuard - different VLANs, config help - block traffic on only ONE VLAN

SquidGuard - different VLANs, config help - block traffic on only ONE VLAN

  • N

    Hi,

    I am using pfsense 2.0 with squid 2.7 (transparent mode) and squidguard.
    I have 6 different VLANs and I would like to block all sites on VLAN30 (172.17.180.0/22) except some domains (e.g. adobe.com kaspersky.com).

    In "Target Categories" I created my filter with name "allowed_sites", entered the URLs, domains I would like later to allow and saved it.
    Then I went to "Group ACL" and used as target "allowed_sites" with "pass" and "Default access [all]" with "deny"

    But now my problem is, that I have to enter all IP subnets in "Client (Source)" I would NOT like to block.Isn't it possible to enter the IPs I want the filter to apply to ?

    1.) Who could explain me how to setup this "easy" filter?
    2.) Where is the difference between "Common ACL" and "Groups ACL" ? When should I use the one and when the other?

    Thanks!

    0
  • Rebel Alliance Developer Netgate

    The clients field in the ACL can match a whole subnet, x.x.x.x/22, and the action on there should be to pass the allowed sites category and deny the others.

    Anyone that does not match the ACL will only be affected by the default ACL setting, which you could make pass on both the allowed sites and default.

    0
  • N

    Does this mean:

    In "Common ACL" tab I have to allow "any"
    And in the "Groups ACL" tab I have to chose my target sites to allow and any other "deny". Client (Source) shoul then be the entire VLAN e.g 192.168.8.0/22, right ?

    Other question:

    Not to allow IP addresses in URL

    Does this mean that squidguard is doing a DNS lookup and check if the IP contains to a domain I had blocked or does this mean that ther will never be any connection when there is an IP in the URL?
    Not sure if any of my security suites is using only IP addresses instead of domain names.

    0
  • Rebel Alliance Developer Netgate

    @Nachtfalke:

    Does this mean:

    In "Common ACL" tab I have to allow "any"
    And in the "Groups ACL" tab I have to chose my target sites to allow and any other "deny". Client (Source) shoul then be the entire VLAN e.g 192.168.8.0/22, right ?

    Sounds right

    @Nachtfalke:

    Other question:

    Not to allow IP addresses in URL

    Does this mean that squidguard is doing a DNS lookup and check if the IP contains to a domain I had blocked or does this mean that ther will never be any connection when there is an IP in the URL?
    Not sure if any of my security suites is using only IP addresses instead of domain names.

    No, that means if someone types in http://69.63.181.12/ they can't go there, instead of getting the site that is there (facebook.com) - it's one way of bypassing domain-based protections.

    0
  • N

    Great! Thanks.

    I will give it a try tomorrow at work.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy