Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard - Groups ACL not working

    Scheduled Pinned Locked Moved Cache/Proxy
    7 Posts 2 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      afrugone
      last edited by

      Hi,

      I've configured Squidguard with a Common ACL that is very restrictive and works perfect. To permit some users to freely navigate the internet, I´ve created a Group ACL that allow all and assigned Specific IPs to this group, but this IPs are still blocked by the Common ACL.

      My configuration is: Pfsense 2.2.4, Squid 3.0-0.2.8 and Squidguard-devel v.1.5.6.

      What could be wrong?

      Thanks

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        The processing order perhaps?

        1 Reply Last reply Reply Quote 0
        • A
          afrugone
          last edited by

          Thanks KOM, but how can I control de processing order?

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Look at your Group ACL.  The Order is the third option from the top.

            1 Reply Last reply Reply Quote 0
            • A
              afrugone
              last edited by

              Yes I try it, but there is no option for the Common ACL

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                The Order dictates the literal order in whcih ACLs are processed.  If your Common ACL blocks X and your Group ACL allows X, but Group ACL is after Common then X will always be blocked.  You need to move your Group ACL ABOVE Common ACL in the order.  I'd have to play with it to confirm.

                Perhaps you could do this another way.  I find it easier to leave the Common ACL alone other than blocking ads ([blk_BL_adv]), and then create two Group ACLs, one for everyone and one for special access users.  The Everyone ACL is locked down like your Common ACL is currently.  The Special Access ACL is wide open.

                1 Reply Last reply Reply Quote 0
                • A
                  afrugone
                  last edited by

                  Thanks KOM,

                  I did it that way, and create to Group ACL, one Restrictive for everyone and the other is Permisive for some users and it works.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.