E2guardian package for pfsense - $??
-
Work around:
In the mean time Marcello said he would write up some instructions on how to manually install the new e2guardian from the github code. I haven't seen them yet, but thanks in advance Marcello.I need to test the alternative install before posting but anyone can download package files from pull request and manual install e2guardian binaries via freebsd pkg(pkg install e2guardian) on pfsense 2.2.x
Renato helped me a lot with e2guardian port to freebsd(especially on port file descriptions and contents) and I know pfSense project has a lot of points that need his attention.
-
You might want to read the "pull" request on pfsense/packages, click here.
You posted this while I was PM'ing to Renato :)
This is what I sent to him:
Hi Renato,
I quized Marcello about the delay in the upcoming e2guardian package and he said it's done, it's just waiting for you to review the code. See here https://forum.pfsense.org/index.php?topic=96031.msg536450#msg536450
I posted this news here: https://forum.pfsense.org/index.php?topic=87526.msg537585#msg537585
…and was hoping you could post a replay letting us know when the review is likely to be complete.
Many people seem to be very eager to get this, as filtering is unusable in V2.2.x (which is what the two SG-2440's my customer has for filtering their traffic have on them).
I'll post a copy of this message on that same thread so everyone knows what's happening.
Thanks,
Colin =)…I guess we won't get a reply for a few days if he's on holiday this week (according to the "pull" post linked above).
I need to test the alternative install before posting but anyone can download package files from pull request and manual install e2guardian binaries via freebsd pkg(pkg install e2guardian) on pfsense 2.2.x
I have seen mention of this elsewhere, but could only find one set of vague instructions. I wasn't confident they were sufficient (or correct), and didn't want to "screw up" my systems. My biggest concern was configuration. There are a LOT of options for DansGuardian, and I wasn't confident I would be able to replicate them correctly in e2Guardian without the GUI (which I'm assuming I won't have without a "proper" pfSense package. It's theoretically possible I could just copy and paste the config file for DansGuardian to e2guardian, but don't know if that would cause issues if settings have changed.
Thanks for the update Marcello, and I'll eagerly await your instructions, and Renato's review ETA.
-
-
The code style is all fixed up - I spent a few hours some time ago formatting and handed that to marcello and he committed it into his pull request.
-
When you take all the PHP/INC files from the pull request and put them in the right places on your pfSense box, and then run a bit of install script (or manually add the E2guardian item into the menus) you will have the E2guardian GUI pages for pfSense. So you will be able to enter stuff in similar boxes to your current Dans Guardian.
Of course you need practice first on a test system - e.g. just make a simple VM on an ordinary PC and mess with that to make sure you know what to do.
It would be even better if Renato can review and commit soon.
-
-
Thanks again Phil :)
-
I'm another guy stuck with two SG2440s bought for purposes of web filtering… so I tried manual install :)
I installed e2guardian package from freebsd repo.
- When you take all the PHP/INC files from the pull request and put them in the right places on your pfSense box, and then run a bit of install script (or manually add the E2guardian item into the menus) you will have the E2guardian GUI pages for pfSense. So you will be able to enter stuff in similar boxes to your current Dans Guardian.
I grabbed the e2guardian files from the pull request. I copied the files php/inc/xml files to locations specified in e2guardian.xml on pfSense. I'm stuck on "run a bit of install script". Where is the install script? Any guidance would be appreciated :). If I manage to install it I'll provide instructions for others.
Thank you everyone for your work on e2guardian!
EDIT:
Ok - I think I've figured out everything except how to add links to service and status->services.
-
Ok - I think I've figured out everything except how to add links to service and status->services.
Backup xml file and check menu section
<menu> <name>E2guradian</name> <tooltiptext>E2guradian</tooltiptext> Services <configfile>e2guardian.xml</configfile> </menu>
and service section
<service><name>e2guardian</name> <rcfile>e2guardian.sh</rcfile> <executable>e2guardian</executable></service>
you can add it via console direct on config.xml (if you really know how to edit it ) or restore a backup with modified xml file.
-
Ok - I think I've figured out everything except how to add links to service and status->services.
Backup xml file and check menu section
<menu> <name>E2guradian</name> <tooltiptext>E2guradian</tooltiptext> Services <configfile>e2guardian.xml</configfile> </menu>
and service section
<service><name>e2guardian</name> <rcfile>e2guardian.sh</rcfile> <executable>e2guardian</executable></service>
you can add it via console direct on config.xml (if you really know how to edit it ) or restore a backup with modified xml file.
I'd be willing to test this out - but my one concern is when the official e2guardian package eventually comes out will this mess that up? i.e. - will it cause a conflict that causes me to have to restore my system and thus undo all my work or will the system merely see that I have e2guardian already installed and then when future updates are applied allow me to update seamlessly?
-
I'd be willing to test this out - but my one concern is when the official e2guardian package eventually comes out will this mess that up?
Except for the freebsd package installed via pkg install, file download and xml changes will not mess your install.
If you prefer, you can try it on a vm and forward connectionts from your box to your vm
Another option is to install it on your backup box if exists.
you can unistall freebsd packages too via console before installing the pbi.
IMHO, pbi is messing up almost all packages I use on 2.2, so I'm doing on my installs a pbi remove and pkg install.
-
IMHO, pbi is messing up almost all packages I use on 2.2, so I'm doing on my installs a pbi remove and pkg install.
Cannot wait for 2.3; indeed extremely hard to find some more crappy packaging format, PBI is virtually unique. ::) >:(
-
Excellent news all round! :D
So we're currently just waiting for Renato to get back from holiday (vacation), at which time he'll be reviewing the code. Hopefully that doesn't take very long! I have no idea how much code needs to be reviewed, or how thorough that testing is, but hopefully it's not a major task.
Thanks for your findings knes1, please do update if you work out more. Maybe a new thread, with a link here.
@_jwsmiths_, I share your concern! With the e2guardian package so close, I'm wondering if it's better to wait. …but Marcello's comments about the packages not working reliably is also concerning. If I get time I'll create a pfSense VM for testing the manual install, as he (Marcello) suggests.
I'm glad we know where we are now, and that we just have one more task to complete (unless Renato finds any issues :-X). Thanks to everyone for all your input, and please keep us updated here if you discover anything relevant. :D
-
Thanks for your findings knes1, please do update if you work out more. Maybe a new thread, with a link here.
As promised, here's the guide (I wrote a blog post about it):
http://knes1.github.io/blog/2015/2015-07-18-manually-installing-e2guardian-to-pfsense.html
Let me know if you think it would be better to open up a separate thread about this (for discussing etc…).
Again, thanks to Marcello and others who made this possible :)
-
Please feedback package tests, it may speed up merge process.
-
ill try it out later this week on my test system…provided work doesnt have other plans for me.
-
Please feedback package tests, it may speed up merge process.
Here's my feedback:
- Daemon tab doesn't appear on first load, you have to click on it second time to appear
- Sometimes (happend to me on 2 out of 4 installs) when loading shalla list, some entries from the default site and url list (adv category) stays in the config file, which prevents e2guardian to start. When attempting to start e2guardian manually I received the following error:
Error reading file /usr/local/etc/e2guardian/lists/blacklists/ads/urls: No such file or directory Error reading file /usr/local/etc/e2guardian/lists/blacklists/ads/urls: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/ads/urls Error opening bannedurllist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files
This can be resolved by commenting out offending adv list in ACL configuration for sites and urls.
- When attempting to install e2guardian on production system where I had defunct dansguardian installed (and removed, both through package manager and by deleting files) e2guardian wouldn't start and when I attempted to start it from console I received the following message:
Starting e2guardian. Error binding ipc server file (try using the SysV to stop e2guardian then try starting it again or doing an 'rm /tmp/.dguardianipc'). Exiting with error
I resolved this by deleting the following 2 files:
/tmp/.dguardianipc /tmp/.dguardianurlipc
E2guardian is now running successfully on one production SG2440 in a small network with cca 10 devices. I will update this if I encounter any problems.
-
Well afraid most of the above is causes by the (incomplete) "DIY" install process.
-
the /usr/local/etc messages may be related to pbi vs pkg isntall
the /tmp/.dguardianipc errors are related to previous dansguardians install and tmp files it creates.
-
What can I do to help get this into the repo? Testing?
-
Testing it out now on my production home system. So far no major problems. Will update this post later.
-
I see period "Exited with status 11" messages in system logs. No obvious malfunction while browsing internet though.
-
I am so very excited about this going into the repo that I am checking the web page every few hours.
I appreciate the work from those who have contributed.