Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allow Skype access by time schedule through Squidguard

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johnjohn
      last edited by

      I am able to block Skype permanently using squid in non-transparent mode. To stop Skype registering, among other things I  disallow ip addresses in urls in a Squidguard Groups ACL and this works OK.

      However I want to allow Skype at certain times of day instead of having it permanently blocked, so I made a Target Category with a regular expression in it to to the same job. This is what I used just to block IPs in URLs going out on port 443

      (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}:443)

      The trouble is that it doesn't work, this rule is ignored completely.  I have squid/squidguard set up with a blacklist and various custom Target Categories that all work as they should. Is it the rule or is something else set up wrong?

      Thanks

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        On 2.0.1 SquidGuard seems to forget to switch timed rules on and off. This thread discusses the issue:
        http://forum.pfsense.org/index.php/topic,43352.0.html
        /var/squidGuard/log/squidGuard.log usually has stuff like this:

        2012-06-26 20:45:44 [59963] squidGuard 1.4 started (1340722844.179)
2012-06-26 20:45:44 [59963] db update done
2012-06-26 20:45:44 [59963] squidGuard stopped (1340722844.357)
2012-06-26 20:46:11 [30147] squidGuard 1.4 started (1340722871.111)
2012-06-26 20:46:11 [30147] db update done
2012-06-26 20:46:11 [30147] squidGuard stopped (1340722871.120)
2012-06-26 20:46:27 [41722] squidGuard 1.4 started (1340722887.721)
2012-06-26 20:46:27 [41722] Info: recalculating alarm in 11613 seconds
2012-06-26 20:46:27 [41722] squidGuard ready for requests (1340722887.727)
2012-06-26 20:46:27 [41960] squidGuard 1.4 started (1340722887.729)
2012-06-26 20:46:27 [41960] Info: recalculating alarm in 11613 seconds
2012-06-26 20:46:27 [41960] squidGuard ready for requests (1340722887.740)
2012-06-26 20:46:27 [41556] squidGuard 1.4 started (1340722887.747)
2012-06-26 20:46:27 [41556] Info: recalculating alarm in 11613 seconds
2012-06-26 20:46:27 [41556] squidGuard ready for requests (1340722887.753)

        Often the "recalculating alarm" messages stop coming.
        On 2.1-BETA0 this does not seem to be a problem - I guess something combination of SquidGuard and FreeBSD changes has resulted in the timer callbacks actually going off. So far I have only done a bit of quick testing.
        But then your issue could also be to do with the regex etc in the Target Categories!

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • J
          johnjohn
          last edited by

          I have not noticed any problem with rule timings, I used this feature regularly with 2.0 and have just started testing on 2.0.1
          However, I did find that an ip address will be ignored if used as an expression in a Target Category, so that´s why my regex didn't work. Need to do some more reading…

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.