Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - aGeekHere

Pages: [1] 2 3
1
Feedback / approve first post for new users (spam issue)
« on: July 22, 2017, 03:53:17 am »
Getting quite a bit of spam in the forums :(

2
Hi I have a problem with my OpenVPN Client.
When I use the Client Export Utility and download the Current Windows Installer (2.4.2-Ix01)
The user is able of connect with no issues.

However after about a day the client is no longer able to connect. To fix this I have to redownload the Current Windows Installer (2.4.2-Ix01) again (using the old install does not work).

It looks like something is expiring?

3
Hardware / udoo-x86 thoughts
« on: April 26, 2017, 03:30:55 am »
Any thoughts on the upcoming udoo-x86 running pfsense (with their soon to be release dual Ethernet adapter)?

http://shop.udoo.org/other/preorder-x86.html
https://www.kickstarter.com/projects/udoo/udoo-x86-the-most-powerful-maker-board-ever/posts/1550921

Top model will have
CPU   (quad core)
Intel Pentium N3710 2.56 Ghz & Intel® Quark SE core 32 MHz plus 32-bit ARC core 32 MHz

GPU   
Intel HD Graphics 405 Up to 700 MHz 16 execution units

RAM   
8 GB DDR3L Dual Channel

Arduino 101-Compatible board
32GB eMMC Storage
M.2 Key B SSD Slot
M.2 Key E slot for Wifi/BT modules   
SATA Connector   
Gigabit Ethernet

looks to be better and cheaper than a APU2?

4
Cache/Proxy / adobe redirect issues?
« on: April 11, 2017, 08:48:40 pm »
I have found an issue with some of adobe's sites
www.adobe.com/devnet/air/air-sdk-download.html

get redirected to the home page
also when you try and download adobe air
https://get.adobe.com/air/


Anybody else have this issue?

5
OpenVPN / openVPN join network game?
« on: April 11, 2017, 02:17:20 am »
I have followed this guide for setting up openvpn.
https://hardforum.com/threads/pfsense-2-0-1-openvpn-configuration-guide.1663797/

However when the openVPN client hosts a game they get the ip of their local network not the ip of openVPN (therefore they cannot host or join a game).
Is it possible for a vpn client to join a local network game?

6
Firewalling / Jingle Relay Nodes openfire connection issue
« on: July 17, 2016, 10:54:14 pm »
Having an connection issue with Jingle Relay Nodes plugin with openfire. VoIP only works for local calls.

Created a nat rule for UDP ports and tried this https://doc.pfsense.org/index.php/Static_Port

Tried opening ports (3478)
Tried disabling ip6

Does Jingle Relay Nodes work with pfsense because I read somwhere that some routers has issues with it.

What should I try next?

7
Cache/Proxy / Multi segmented downloading broken in squid
« on: July 10, 2016, 04:32:26 am »
Hi, it looks that squid Multi segmented downloading is broken again in squid.

TCP_MISS_ABORTED/206

It was working at one point before the 2.3 upgrage.

To test try using downthemall in firefox


8
Cache/Proxy / Squid proxy 4 is now in RELEASE CANDIDATE cycle
« on: June 29, 2016, 01:21:45 am »
Squid proxy 4 is now in RELEASE CANDIDATE cycle

Here are the changes
http://wiki.squid-cache.org/RoadMap

9
Cache/Proxy / Squid package 0.4.18 update is out
« on: June 10, 2016, 07:00:20 pm »
Squid package 0.4.18 update is out

10
Can unbound work with ram disk on a full install (ssd)?

Because if I try unbound does not start because it cannot find the config file. Similar to this issue (BUT not using pfBlockerNG) https://forum.pfsense.org/index.php?topic=110791.0

11
getting lots of xinetd 19475 readjusting service log spam

Code: [Select]
May 24 11:51:40 xinetd 19475 readjusting service 19204-tcp
May 24 11:51:40 xinetd 19475 readjusting service 19203-udp
May 24 11:51:40 xinetd 19475 readjusting service 19202-udp
May 24 11:51:40 xinetd 19475 readjusting service 19201-udp
May 24 11:51:40 xinetd 19475 readjusting service 19200-udp
May 24 11:51:40 xinetd 19475 readjusting service 19199-udp
May 24 11:51:40 xinetd 19475 readjusting service 19198-udp
May 24 11:51:40 xinetd 19475 readjusting service 19197-udp
May 24 11:51:40 xinetd 19475 readjusting service 19196-udp
May 24 11:51:40 xinetd 19475 readjusting service 19195-udp
May 24 11:51:40 xinetd 19475 readjusting service 19194-udp
May 24 11:51:40 xinetd 19475 readjusting service 19193-udp
May 24 11:51:40 xinetd 19475 readjusting service 19192-udp
May 24 11:51:40 xinetd 19475 readjusting service 19191-udp
May 24 11:51:40 xinetd 19475 readjusting service 19190-udp
May 24 11:51:40 xinetd 19475 readjusting service 19189-udp
May 24 11:51:40 xinetd 19475 readjusting service 19188-udp
May 24 11:51:40 xinetd 19475 readjusting service 19187-udp
May 24 11:51:40 xinetd 19475 readjusting service 19186-udp
May 24 11:51:40 xinetd 19475 readjusting service 19185-udp
May 24 11:51:40 xinetd 19475 readjusting service 19184-udp
May 24 11:51:40 xinetd 19475 readjusting service 19183-udp
May 24 11:51:40 xinetd 19475 readjusting service 19182-udp
May 24 11:51:40 xinetd 19475 readjusting service 19181-udp
May 24 11:51:40 xinetd 19475 readjusting service 19180-udp
May 24 11:51:40 xinetd 19475 readjusting service 19179-udp
May 24 11:51:40 xinetd 19475 readjusting service 19178-udp
May 24 11:51:40 xinetd 19475 readjusting service 19177-udp
May 24 11:51:40 xinetd 19475 readjusting service 19176-udp
May 24 11:51:40 xinetd 19475 readjusting service 19175-udp
May 24 11:51:40 xinetd 19475 readjusting service 19174-udp
May 24 11:51:40 xinetd 19475 readjusting service 19173-udp
May 24 11:51:40 xinetd 19475 readjusting service 19172-udp
May 24 11:51:40 xinetd 19475 readjusting service 19171-udp
May 24 11:51:40 xinetd 19475 readjusting service 19170-udp
May 24 11:51:40 xinetd 19475 readjusting service 19169-udp
May 24 11:51:40 xinetd 19475 readjusting service 19168-udp
May 24 11:51:40 xinetd 19475 readjusting service 19167-udp
May 24 11:51:40 xinetd 19475 readjusting service 19166-udp
May 24 11:51:40 xinetd 19475 readjusting service 19165-udp
May 24 11:51:40 xinetd 19475 readjusting service 19164-udp
May 24 11:51:40 xinetd 19475 readjusting service 19163-udp
May 24 11:51:40 xinetd 19475 readjusting service 19162-udp
May 24 11:51:40 xinetd 19475 readjusting service 19161-udp
May 24 11:51:40 xinetd 19475 readjusting service 19160-udp
May 24 11:51:40 xinetd 19475 readjusting service 19159-udp
May 24 11:51:40 xinetd 19475 readjusting service 19158-udp
May 24 11:51:40 xinetd 19475 readjusting service 19157-udp
May 24 11:51:40 xinetd 19475 readjusting service 19156-udp
May 24 11:51:40 xinetd 19475 readjusting service 19155-udp
May 24 11:51:40 xinetd 19475 readjusting service 19154-udp
May 24 11:51:40 xinetd 19475 readjusting service 19153-udp
May 24 11:51:40 xinetd 19475 readjusting service 19152-udp
May 24 11:51:40 xinetd 19475 readjusting service 19151-udp
May 24 11:51:40 xinetd 19475 readjusting service 19150-udp
May 24 11:51:40 xinetd 19475 readjusting service 19149-udp
May 24 11:51:40 xinetd 19475 readjusting service 19148-udp
May 24 11:51:40 xinetd 19475 readjusting service 19147-udp
May 24 11:51:40 xinetd 19475 readjusting service 19146-udp
May 24 11:51:40 xinetd 19475 readjusting service 19145-udp
May 24 11:51:40 xinetd 19475 readjusting service 19144-udp
May 24 11:51:40 xinetd 19475 readjusting service 19143-udp
May 24 11:51:40 xinetd 19475 readjusting service 19142-udp
May 24 11:51:40 xinetd 19475 readjusting service 19141-udp
May 24 11:51:40 xinetd 19475 readjusting service 19140-udp
May 24 11:51:40 xinetd 19475 readjusting service 19139-udp
May 24 11:51:40 xinetd 19475 readjusting service 19138-udp
May 24 11:51:40 xinetd 19475 readjusting service 19137-udp
May 24 11:51:40 xinetd 19475 readjusting service 19136-udp
May 24 11:51:40 xinetd 19475 readjusting service 19135-udp
May 24 11:51:40 xinetd 19475 readjusting service 19134-udp
May 24 11:51:40 xinetd 19475 readjusting service 19133-udp
May 24 11:51:40 xinetd 19475 readjusting service 19132-udp
May 24 11:51:40 xinetd 19475 readjusting service 19131-udp
May 24 11:51:40 xinetd 19475 readjusting service 19130-udp
May 24 11:51:40 xinetd 19475 readjusting service 19129-udp
May 24 11:51:40 xinetd 19475 readjusting service 19128-udp
May 24 11:51:40 xinetd 19475 readjusting service 19127-udp
May 24 11:51:40 xinetd 19475 readjusting service 19126-udp
May 24 11:51:40 xinetd 19475 readjusting service 19125-udp
May 24 11:51:40 xinetd 19475 readjusting service 19124-udp
May 24 11:51:40 xinetd 19475 readjusting service 19123-udp
May 24 11:51:40 xinetd 19475 readjusting service 19122-udp
May 24 11:51:40 xinetd 19475 readjusting service 19121-udp
May 24 11:51:40 xinetd 19475 readjusting service 19120-udp
May 24 11:51:40 xinetd 19475 readjusting service 19119-udp
May 24 11:51:40 xinetd 19475 readjusting service 19118-udp
May 24 11:51:40 xinetd 19475 readjusting service 19117-udp
May 24 11:51:40 xinetd 19475 readjusting service 19116-udp
May 24 11:51:40 xinetd 19475 readjusting service 19115-udp
May 24 11:51:40 xinetd 19475 readjusting service 19114-udp
May 24 11:51:40 xinetd 19475 readjusting service 19113-udp
May 24 11:51:40 xinetd 19475 readjusting service 19112-udp
May 24 11:51:40 xinetd 19475 readjusting service 19111-udp
May 24 11:51:40 xinetd 19475 readjusting service 19110-udp
May 24 11:51:40 xinetd 19475 readjusting service 19109-udp
May 24 11:51:40 xinetd 19475 readjusting service 19108-udp
May 24 11:51:40 xinetd 19475 readjusting service 19107-udp
May 24 11:51:40 xinetd 19475 readjusting service 19106-udp
May 24 11:51:40 xinetd 19475 readjusting service 19105-udp
May 24 11:51:40 xinetd 19475 readjusting service 19104-udp
May 24 11:51:40 xinetd 19475 readjusting service 19103-udp
May 24 11:51:40 xinetd 19475 readjusting service 19102-udp
May 24 11:51:40 xinetd 19475 readjusting service 19101-udp
May 24 11:51:40 xinetd 19475 readjusting service 19100-udp
May 24 11:51:40 xinetd 19475 readjusting service 19099-udp
May 24 11:51:40 xinetd 19475 readjusting service 19098-udp
May 24 11:51:40 xinetd 19475 readjusting service 19097-udp
May 24 11:51:40 xinetd 19475 readjusting service 19096-udp
May 24 11:51:40 xinetd 19475 readjusting service 19095-udp
May 24 11:51:40 xinetd 19475 readjusting service 19094-udp
May 24 11:51:40 xinetd 19475 readjusting service 19093-udp
May 24 11:51:40 xinetd 19475 readjusting service 19092-udp
May 24 11:51:40 xinetd 19475 readjusting service 19091-udp
May 24 11:51:40 xinetd 19475 readjusting service 19090-udp
May 24 11:51:40 xinetd 19475 readjusting service 19089-udp
May 24 11:51:40 xinetd 19475 readjusting service 19088-udp
May 24 11:51:40 xinetd 19475 readjusting service 19087-udp
May 24 11:51:40 xinetd 19475 readjusting service 19086-udp
May 24 11:51:40 xinetd 19475 readjusting service 19085-udp
May 24 11:51:40 xinetd 19475 readjusting service 19084-udp
May 24 11:51:40 xinetd 19475 readjusting service 19083-udp
May 24 11:51:40 xinetd 19475 readjusting service 19082-udp
May 24 11:51:40 xinetd 19475 readjusting service 19081-udp
May 24 11:51:40 xinetd 19475 readjusting service 19080-udp
May 24 11:51:40 xinetd 19475 readjusting service 19079-udp
May 24 11:51:40 xinetd 19475 readjusting service 19078-udp
May 24 11:51:40 xinetd 19475 readjusting service 19077-udp
May 24 11:51:40 xinetd 19475 readjusting service 19076-udp
May 24 11:51:40 xinetd 19475 readjusting service 19075-udp
May 24 11:51:40 xinetd 19475 readjusting service 19074-udp
May 24 11:51:40 xinetd 19475 readjusting service 19073-udp
May 24 11:51:40 xinetd 19475 readjusting service 19072-udp
May 24 11:51:40 xinetd 19475 readjusting service 19071-udp
May 24 11:51:40 xinetd 19475 readjusting service 19070-udp
May 24 11:51:40 xinetd 19475 readjusting service 19069-udp
May 24 11:51:40 xinetd 19475 readjusting service 19068-udp
May 24 11:51:40 xinetd 19475 readjusting service 19067-udp
May 24 11:51:40 xinetd 19475 readjusting service 19066-udp
May 24 11:51:40 xinetd 19475 readjusting service 19065-udp
May 24 11:51:40 xinetd 19475 readjusting service 19064-udp
May 24 11:51:40 xinetd 19475 readjusting service 19063-udp
May 24 11:51:40 xinetd 19475 readjusting service 19062-udp
May 24 11:51:40 xinetd 19475 readjusting service 19061-udp
May 24 11:51:40 xinetd 19475 readjusting service 19060-udp
May 24 11:51:40 xinetd 19475 readjusting service 19059-udp
May 24 11:51:40 xinetd 19475 readjusting service 19058-udp
May 24 11:51:40 xinetd 19475 readjusting service 19057-udp
May 24 11:51:40 xinetd 19475 readjusting service 19056-udp
May 24 11:51:40 xinetd 19475 readjusting service 19055-udp
May 24 11:51:40 xinetd 19475 readjusting service 19054-udp
May 24 11:51:40 xinetd 19475 readjusting service 19053-udp
May 24 11:51:40 xinetd 19475 readjusting service 19052-udp
May 24 11:51:40 xinetd 19475 readjusting service 19051-udp
May 24 11:51:40 xinetd 19475 readjusting service 19050-udp
May 24 11:51:40 xinetd 19475 readjusting service 19049-udp
May 24 11:51:40 xinetd 19475 readjusting service 19048-udp
May 24 11:51:40 xinetd 19475 readjusting service 19047-udp
May 24 11:51:40 xinetd 19475 readjusting service 19046-udp
May 24 11:51:40 xinetd 19475 readjusting service 19045-udp
May 24 11:51:40 xinetd 19475 readjusting service 19044-udp
May 24 11:51:40 xinetd 19475 readjusting service 19043-udp
May 24 11:51:40 xinetd 19475 readjusting service 19042-udp
May 24 11:51:40 xinetd 19475 readjusting service 19041-udp
May 24 11:51:40 xinetd 19475 readjusting service 19040-udp
May 24 11:51:40 xinetd 19475 readjusting service 19039-udp
May 24 11:51:40 xinetd 19475 readjusting service 19038-udp
May 24 11:51:40 xinetd 19475 readjusting service 19037-udp
May 24 11:51:40 xinetd 19475 readjusting service 19036-udp
May 24 11:51:40 xinetd 19475 readjusting service 19035-udp
May 24 11:51:40 xinetd 19475 readjusting service 19034-udp
May 24 11:51:40 xinetd 19475 readjusting service 19033-udp
May 24 11:51:40 xinetd 19475 readjusting service 19032-udp
May 24 11:51:40 xinetd 19475 readjusting service 19031-udp
May 24 11:51:40 xinetd 19475 readjusting service 19030-udp
May 24 11:51:40 xinetd 19475 readjusting service 19029-udp
May 24 11:51:40 xinetd 19475 readjusting service 19028-udp
May 24 11:51:40 xinetd 19475 readjusting service 19027-udp
May 24 11:51:40 xinetd 19475 readjusting service 19026-udp
May 24 11:51:40 xinetd 19475 readjusting service 19025-udp
May 24 11:51:40 xinetd 19475 readjusting service 19024-udp
May 24 11:51:40 xinetd 19475 readjusting service 19023-udp
May 24 11:51:40 xinetd 19475 readjusting service 19022-udp
May 24 11:51:40 xinetd 19475 readjusting service 19021-udp
May 24 11:51:40 xinetd 19475 readjusting service 19020-udp
May 24 11:51:40 xinetd 19475 readjusting service 19019-udp
May 24 11:51:40 xinetd 19475 readjusting service 19018-udp
May 24 11:51:40 xinetd 19475 readjusting service 19017-udp
May 24 11:51:40 xinetd 19475 readjusting service 19016-udp
May 24 11:51:40 xinetd 19475 readjusting service 19015-udp
May 24 11:51:40 xinetd 19475 readjusting service 19014-udp
May 24 11:51:40 xinetd 19475 readjusting service 19013-udp
May 24 11:51:40 xinetd 19475 readjusting service 19012-udp
May 24 11:51:40 xinetd 19475 readjusting service 19011-udp
May 24 11:51:40 xinetd 19475 readjusting service 19010-udp
May 24 11:51:40 xinetd 19475 readjusting service 19009-udp
May 24 11:51:40 xinetd 19475 readjusting service 19008-udp
May 24 11:51:40 xinetd 19475 readjusting service 19007-udp
May 24 11:51:40 xinetd 19475 readjusting service 19006-udp

12
Guide to filtering web content (http and https) with pfsense 2.3 updated 24 January 2018

After seeing a lot of new users asking how to set up web filtering with pfsense I decided to create an extensive guide.

This document is going to be broken down into 3 main parts

1 Host overrides with DNS resolver
2 Squid and squidguard filtering  Transparent vs Non Transparent proxy
3 wpad

Lets begin
Enable DNS resolver
Services/DNS/Resolver/General Settings
Tic enable
Save

Now we are going to create a rule that will force the network to use our route as the DNS server.
In Firewall/NAT/Port forward
add a new rule

Interface = LAN
Protocol = TCP/UDP
Source ports = *
Dest address = *
Dest ports = 53
NAT IP = 127.0.0.1
NAT Ports = 53
Description = Redirect DNS
LAN TCP/UDP * * * 53 127.0.0.1 53 Redirect DNS
Save

UPDATED
Check that the new DNS rule is above the Default allow LAN to any rule in Firewall\Rules\LAN

Now we are going to create some host overrides, the goal for the host overrides is to force google and bing to use there safe search feature.

Click add under Host overrides
Host = www
Domain = bing.com
IP =  204.79.197.220
Description = bing
Save

Now bing is using safe search

Update Youtube safe mode
Click add under Host overrides
Host = www
Domain = youtube.com
IP =  216.239.38.120
Description = youtube
Save
NOTE: Safe search for youtube is not as advanced as google safe search, which results in a lot of safe content be filtered out.

Now for google, because google has many different domains it would take a very long time to fill them all in, so we are going to create a short cut.

Ssh into the router
type 8
cd /
cd var/unbound
vi forecegoogle.conf
leave blank for now
save (wq)

Go to Diagnostics/Edit File
click browse
click var
click unbound
now you should see a file called forecegoogle.conf, click it

enter the following

Code: [Select]
local-data: "www.google.ad A 216.239.38.120"
local-data: "www.google.ae A 216.239.38.120"
local-data: "www.google.com A 216.239.38.120"
local-data: "www.google.com.af A 216.239.38.120"
local-data: "www.google.com.ag A 216.239.38.120"
local-data: "www.google.com.ai A 216.239.38.120"
local-data: "www.google.al A 216.239.38.120"
local-data: "www.google.am A 216.239.38.120"
local-data: "www.google.co.ao A 216.239.38.120"
local-data: "www.google.com.ar A 216.239.38.120"
local-data: "www.google.as A 216.239.38.120"
local-data: "www.google.at A 216.239.38.120"
local-data: "www.google.com.au A 216.239.38.120"
local-data: "www.google.az A 216.239.38.120"
local-data: "www.google.ba A 216.239.38.120"
local-data: "www.google.com.bd A 216.239.38.120"
local-data: "www.google.be A 216.239.38.120"
local-data: "www.google.bf A 216.239.38.120"
local-data: "www.google.bg A 216.239.38.120"
local-data: "www.google.com.bh A 216.239.38.120"
local-data: "www.google.bi A 216.239.38.120"
local-data: "www.google.bj A 216.239.38.120"
local-data: "www.google.com.bn A 216.239.38.120"
local-data: "www.google.com.bo A 216.239.38.120"
local-data: "www.google.com.br A 216.239.38.120"
local-data: "www.google.bs A 216.239.38.120"
local-data: "www.google.bt A 216.239.38.120"
local-data: "www.google.co.bw A 216.239.38.120"
local-data: "www.google.by A 216.239.38.120"
local-data: "www.google.com.bz A 216.239.38.120"
local-data: "www.google.ca A 216.239.38.120"
local-data: "www.google.cd A 216.239.38.120"
local-data: "www.google.cf A 216.239.38.120"
local-data: "www.google.cg A 216.239.38.120"
local-data: "www.google.ch A 216.239.38.120"
local-data: "www.google.ci A 216.239.38.120"
local-data: "www.google.co.ck A 216.239.38.120"
local-data: "www.google.cl A 216.239.38.120"
local-data: "www.google.cm A 216.239.38.120"
local-data: "www.google.cn A 216.239.38.120"
local-data: "www.google.com.co A 216.239.38.120"
local-data: "www.google.co.cr A 216.239.38.120"
local-data: "www.google.com.cu A 216.239.38.120"
local-data: "www.google.cv A 216.239.38.120"
local-data: "www.google.com.cy A 216.239.38.120"
local-data: "www.google.cz A 216.239.38.120"
local-data: "www.google.de A 216.239.38.120"
local-data: "www.google.dj A 216.239.38.120"
local-data: "www.google.dk A 216.239.38.120"
local-data: "www.google.dm A 216.239.38.120"
local-data: "www.google.com.do A 216.239.38.120"
local-data: "www.google.dz A 216.239.38.120"
local-data: "www.google.com.ec A 216.239.38.120"
local-data: "www.google.ee A 216.239.38.120"
local-data: "www.google.com.eg A 216.239.38.120"
local-data: "www.google.com.et A 216.239.38.120"
local-data: "www.google.fi A 216.239.38.120"
local-data: "www.google.com.fj A 216.239.38.120"
local-data: "www.google.fm A 216.239.38.120"
local-data: "www.google.fr A 216.239.38.120"
local-data: "www.google.ga A 216.239.38.120"
local-data: "www.google.ge A 216.239.38.120"
local-data: "www.google.gg A 216.239.38.120"
local-data: "www.google.com.gh A 216.239.38.120"
local-data: "www.google.com.gi A 216.239.38.120"
local-data: "www.google.gl A 216.239.38.120"
local-data: "www.google.gm A 216.239.38.120"
local-data: "www.google.gp A 216.239.38.120"
local-data: "www.google.gr A 216.239.38.120"
local-data: "www.google.com.gt A 216.239.38.120"
local-data: "www.google.gy A 216.239.38.120"
local-data: "www.google.com.hk A 216.239.38.120"
local-data: "www.google.hn A 216.239.38.120"
local-data: "www.google.hr A 216.239.38.120"
local-data: "www.google.ht A 216.239.38.120"
local-data: "www.google.hu A 216.239.38.120"
local-data: "www.google.co.id A 216.239.38.120"
local-data: "www.google.ie A 216.239.38.120"
local-data: "www.google.co.il A 216.239.38.120"
local-data: "www.google.im A 216.239.38.120"
local-data: "www.google.co.in A 216.239.38.120"
local-data: "www.google.iq A 216.239.38.120"
local-data: "www.google.is A 216.239.38.120"
local-data: "www.google.it A 216.239.38.120"
local-data: "www.google.je A 216.239.38.120"
local-data: "www.google.com.jm A 216.239.38.120"
local-data: "www.google.jo A 216.239.38.120"
local-data: "www.google.co.jp A 216.239.38.120"
local-data: "www.google.co.ke A 216.239.38.120"
local-data: "www.google.com.kh A 216.239.38.120"
local-data: "www.google.ki A 216.239.38.120"
local-data: "www.google.kg A 216.239.38.120"
local-data: "www.google.co.kr A 216.239.38.120"
local-data: "www.google.com.kw A 216.239.38.120"
local-data: "www.google.kz A 216.239.38.120"
local-data: "www.google.la A 216.239.38.120"
local-data: "www.google.com.lb A 216.239.38.120"
local-data: "www.google.li A 216.239.38.120"
local-data: "www.google.lk A 216.239.38.120"
local-data: "www.google.co.ls A 216.239.38.120"
local-data: "www.google.lt A 216.239.38.120"
local-data: "www.google.lu A 216.239.38.120"
local-data: "www.google.lv A 216.239.38.120"
local-data: "www.google.com.ly A 216.239.38.120"
local-data: "www.google.co.ma A 216.239.38.120"
local-data: "www.google.md A 216.239.38.120"
local-data: "www.google.me A 216.239.38.120"
local-data: "www.google.mg A 216.239.38.120"
local-data: "www.google.mk A 216.239.38.120"
local-data: "www.google.ml A 216.239.38.120"
local-data: "www.google.com.mm A 216.239.38.120"
local-data: "www.google.mn A 216.239.38.120"
local-data: "www.google.ms A 216.239.38.120"
local-data: "www.google.com.mt A 216.239.38.120"
local-data: "www.google.mu A 216.239.38.120"
local-data: "www.google.mv A 216.239.38.120"
local-data: "www.google.mw A 216.239.38.120"
local-data: "www.google.com.mx A 216.239.38.120"
local-data: "www.google.com.my A 216.239.38.120"
local-data: "www.google.co.mz A 216.239.38.120"
local-data: "www.google.com.na A 216.239.38.120"
local-data: "www.google.com.nf A 216.239.38.120"
local-data: "www.google.com.ng A 216.239.38.120"
local-data: "www.google.com.ni A 216.239.38.120"
local-data: "www.google.ne A 216.239.38.120"
local-data: "www.google.nl A 216.239.38.120"
local-data: "www.google.no A 216.239.38.120"
local-data: "www.google.com.np A 216.239.38.120"
local-data: "www.google.nr A 216.239.38.120"
local-data: "www.google.nu A 216.239.38.120"
local-data: "www.google.co.nz A 216.239.38.120"
local-data: "www.google.com.om A 216.239.38.120"
local-data: "www.google.com.pa A 216.239.38.120"
local-data: "www.google.com.pe A 216.239.38.120"
local-data: "www.google.com.pg A 216.239.38.120"
local-data: "www.google.com.ph A 216.239.38.120"
local-data: "www.google.com.pk A 216.239.38.120"
local-data: "www.google.pl A 216.239.38.120"
local-data: "www.google.pn A 216.239.38.120"
local-data: "www.google.com.pr A 216.239.38.120"
local-data: "www.google.ps A 216.239.38.120"
local-data: "www.google.pt A 216.239.38.120"
local-data: "www.google.com.py A 216.239.38.120"
local-data: "www.google.com.qa A 216.239.38.120"
local-data: "www.google.ro A 216.239.38.120"
local-data: "www.google.ru A 216.239.38.120"
local-data: "www.google.rw A 216.239.38.120"
local-data: "www.google.com.sa A 216.239.38.120"
local-data: "www.google.com.sb A 216.239.38.120"
local-data: "www.google.sc A 216.239.38.120"
local-data: "www.google.se A 216.239.38.120"
local-data: "www.google.com.sg A 216.239.38.120"
local-data: "www.google.sh A 216.239.38.120"
local-data: "www.google.si A 216.239.38.120"
local-data: "www.google.sk A 216.239.38.120"
local-data: "www.google.com.sl A 216.239.38.120"
local-data: "www.google.sn A 216.239.38.120"
local-data: "www.google.so A 216.239.38.120"
local-data: "www.google.sm A 216.239.38.120"
local-data: "www.google.sr A 216.239.38.120"
local-data: "www.google.st A 216.239.38.120"
local-data: "www.google.com.sv A 216.239.38.120"
local-data: "www.google.td A 216.239.38.120"
local-data: "www.google.tg A 216.239.38.120"
local-data: "www.google.co.th A 216.239.38.120"
local-data: "www.google.com.tj A 216.239.38.120"
local-data: "www.google.tk A 216.239.38.120"
local-data: "www.google.tl A 216.239.38.120"
local-data: "www.google.tm A 216.239.38.120"
local-data: "www.google.tn A 216.239.38.120"
local-data: "www.google.to A 216.239.38.120"
local-data: "www.google.com.tr A 216.239.38.120"
local-data: "www.google.tt A 216.239.38.120"
local-data: "www.google.com.tw A 216.239.38.120"
local-data: "www.google.co.tz A 216.239.38.120"
local-data: "www.google.com.ua A 216.239.38.120"
local-data: "www.google.co.ug A 216.239.38.120"
local-data: "www.google.co.uk A 216.239.38.120"
local-data: "www.google.com.uy A 216.239.38.120"
local-data: "www.google.co.uz A 216.239.38.120"
local-data: "www.google.com.vc A 216.239.38.120"
local-data: "www.google.co.ve A 216.239.38.120"
local-data: "www.google.vg A 216.239.38.120"
local-data: "www.google.co.vi A 216.239.38.120"
local-data: "www.google.com.vn A 216.239.38.120"
local-data: "www.google.vu A 216.239.38.120"
local-data: "www.google.ws A 216.239.38.120"
local-data: "www.google.rs A 216.239.38.120"
local-data: "www.google.co.za A 216.239.38.120"
local-data: "www.google.co.zm A 216.239.38.120"
local-data: "www.google.co.zw A 216.239.38.120"
local-data: "www.google.cat A 216.239.38.120"
save

Go to Services/DNS/Resolver/General Settings
in custom option enter

Code: [Select]
server:
include: /var/unbound/forecegoogle.conf

save
now google should be using safe mode.

Part 2
Install squid and squidguard in System/PackageManager/Available Packages

Now we are going to talk about transparent proxy vs non transparent proxy.
https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

Transparent proxy for http is very easy to set up, you just enable Transparent HTTP Proxy in squid (and install the blacklist in squidguard but I will get to that later). Now all traffic should be going to your proxy server on port 3128. However, if you want to filter https then this is where it gets complicated, you have to enable SSL Man In the Middle Filtering and create Certificates and even after that you may get connection errors and all sorts of issues.

UPDATE
You can try setting up MITM by setting the SSL/MITM Mode to splice all, that way you do not need to create a certificate for each device on the network. (you still need to create a main certificate though)

So in this guide we are going to use a Non Transparent with wpad which will filter http and https content.
Update
I found that we can use both a transperrent proxy for port 80 and a wpad for 443 https content (UPDATE or you can use splice all in MITM), the wpad will be setup to use port 80 and 443. The transperrent proxy is going to catch every thing that the wpad misses, enable transperrent proxy in squid once you have the wpad setup.



First we are going to setup squidguard
Update
In squidguard under General settings
Tic enable
Tic Enable log
Tic Enable log rotation
Tic enable blacklist
Under Blacklist URL add http://www.shallalist.de/Downloads/shallalist.tar.gz
Save
apply (you must always hit apply for any changes you made to squidguard).

In Package/Proxy filter SquidGuard: General settings/General settings
click blacklist
enter http://www.shallalist.de/Downloads/shallalist.tar.gz
download
wait to finish

Now we are going to create a new target category.
click Target categories (Do not skip this step).
This will be a white list.
add
name whitelist
description whitelist

Because google and bing are the only search engines (as of writing) that can force safes search we are going to block all other search engines except google and bing, white list google and bing
Domain list

NOTE NOT ALL ADDED YET FOR GOOGLE
Trying to fix google domains like play.google.com accounts.google.com mail.google.com and sites like www.google.com/contacts from getting blocked
Fixed

Code: [Select]
google.ac google.ad google.ae google.al google.am google.as google.at google.az google.ba google.be google.bf google.bg google.bi google.bj google.bs google.bt google.by google.ca google.cat google.cd google.cf google.cg google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.ck google.co.cr google.co.hu google.co.id google.co.il google.co.in google.co.je google.co.jp google.co.ke google.co.kr google.co.ls google.com google.co.ma google.com.af google.com.ag google.com.ai google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gi google.com.gr google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.na google.com.nf google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.pg google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sb google.com.sg google.com.sl google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.co.mz google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.vi google.co.za google.co.zm google.co.zw google.cv google.cz google.de google-directory.co.uk google.dj google.dk google.dm google.dz google.ee google.es google.fi google.fm google.fr google.ga google.ge google.gg google.gl google.gm google.gp google.gr google.gy google.hn google.hr google.ht google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kg google.ki google.kz google.la google.li google.lk google.lt google.lu google.lv google.md google.me google.mg google.mk google.ml google.mn google.ms google.mu google.mv google.mw google.ne google.nl google.no google.nr google.nu google.off.ai googlepirate.com google.pl google.pn google.ps google.pt google.ro google.rs google.ru google.rw google.sc google.se google.sh google.si google.sk google.sm google.sn google.so google.sr google.st google.td google.tg google.tk google.tl google.tm google.tn google.to google.tt google.uz google.vg google.vu google.ws bing.com

save

click Common ACL
click the plus button
target categories whitelist access whitelist
[blk_BL_searchengines] access deny
Default access [all] allow

To block ads (including on android and ios)
[blk_BL_adv] access deny

To block proxy sites
[blk_BL_anonvpn] access deny
Read though all the other categories and deny the ones you want

next click Do not allow IP-Addresses in URL (If this causes issues deselect it)
use safe search engines no longer works however you can click it as well.
Save
click General settings
click Apply
click Save

If you want you can do a quick test by setting up your pc to use the proxy and see how thing are working.

Part 3
Now we are going to set up a wpad read more here about wpad https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
ssh in to pfsense
8
cd /
create the wpad.da file
vi /usr/local/www/wpad.da
wq

Create two new symbolic link files
Code: [Select]
ln -s /usr/local/www/wpad.da /usr/local/www/wpad.dat
ln -s /usr/local/www/wpad.da /usr/local/www/proxy.pac


Then go Diagnostics /Edit File
click browse
user
local
www
click wpad.da
add

Code: [Select]
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";
 
    return "PROXY 192.168.1.1:3128";
}

save


If you connect to a VPN you need to go direct for the VPN instead of the proxy, Remember you need to add the correct network class for the VPN  either A, B or C

Code: [Select]
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";

        if (isInNet(dnsResolve(host), "1.0.0.0",  "255.0.0.0" ))
        { return "DIRECT"; }
 
    return "PROXY 192.168.1.1:3128";
}

save
Go to Configure DNS Resolver add new host overrides
Host: wpad
Domain: mylocaldomain.local
IP Address: 192.168.1.1
Description: WPAD Autoconfigure Host
save
Next go to Services: DHCP server under Additional BOOTP/DHCP Options
add
Code: [Select]
number: 252 type: string value: "http://192.168.1.1/wpad.dat"
number: 252 type: string value: "http://192.168.1.1/wpad.da"
number: 252 type: string value: "http://192.168.1.1/proxy.pac"
save

set pfsense Protocol to http (This is a MUST, it will not work if you do not do this)
System: Advanced: Admin Access Protocol http

To stop users from bypassing your proxy setup two new firewall lan rule and block port 80 and 443
IPv4 TCP * * * 80 * none
IPv4 TCP * * * 443 * none
Save

Set your system to automatically detect settings (for windows it is in internet options connections lan settings).

You also have to set up the proxy setting for each program that cant connect (firefox, graphics drive software, vlc etc)

If you have programs that cannot connect and have no proxy setting you need to setup a firewall aliases
 Firewall/Aliases/IP
and add the destination server ip (use wire shark to help find the blocked Ips or in your firewall block rule enable Log packets that are handled by this rule, use http://ip-lookup.net/index.php to check what it is and add to the Aliases. If it is part of a domain add the domain)
now create a new firewall lan rule
IPv4 TCP * * * passAliases 80* pass rule.
IPv4 TCP * * * passAliases 443 * pass rule.

Save

A note on smart phones (android, IOS, etc)
With android (not sure on other smart phones OS) you can not set it so that all the apps on the device use the proxy (not without rooting and other hacks), web browsers (google) will work fine using the proxy (if set in wireless connection options) but not apps or things like google play, so unless there is an option to use proxy for all apps on the device the most practical option here is just to allow smart phones to use port 80 and 443.
 
UPDATE 24 JUNE 2016
I have found that if you have connection issues using auto config for android or other smart phones try manually setting the proxy, now opening port 80 and 443 is not needed.

Now we should have pfsense all set up for web filtering. I hope this has been helpful and thanks to everyone on the forum who has help me in creating this guide.

Just a note for any specific issues with squid, squidguard or dns please create a new topic in the correct areas of the forum and link it here if needed

13
Cache/Proxy / Improve Custom refresh pattern
« on: May 09, 2016, 06:10:59 am »
Hi all, been trying to get the most out of squid cache and its refresh patterns.

Please post improvements.

Updated - Added kivimart refresh patterns

Updated - Added deajan refresh patterns

Updated - Added Valeriy refresh patterns

Updated - added kikawala refresh patterns

Updated on 3 March 2017
Code: [Select]

#new refresh patterns 3
acl Windows_Update dstdomain windowsupdate.microsoft.com
acl Windows_Update dstdomain .update.microsoft.com
acl Windows_Update dstdomain download.windowsupdate.com
acl Windows_Update dstdomain www.download.windowsupdate.com
acl Windows_Update dstdomain au.download.windowsupdate.com
acl Windows_Update dstdomain bg.v4.pr.dl.ws.microsoft.com

#new refresh patterns 2
refresh_pattern -i (\.|-)(ini|def|sig|upt|mid|midi|mpg|mpeg|ram|cav|acc|alz|apk|at3|bke|arc|ass|ba|big|bik|bkf|bld|c4|cals|clipflair|cpt|daa|dmg|ddz|dpe|egg|egt|ecab|ess|esd|gho|ghs|gz|ipg|jar|lbr|lqr|lha|lz|lzo|lzma|lzx|mbw|mc.meta|mpq|nth|osz|pak|par|par2|paf|pyk|pk3|pk4|rag|sen|sitx|skb|tb|tib|uha|uue|viv|vsa|z|zoo|nrg|adf|adz|dms|dsk|d64|sdi|mds|mdx|cdi|cue|cif|c2d|daa|b6t)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
#end new refresh patterns 2

#new refresh patterns
refresh_pattern -i (\.|-)(mp3|m4a|aa?c3?|wm?av?|og(x|v|a|g)|ape|mka|au|aiff|zip|flac|m4(b|r)|m1v|m2(v|p)|mo(d|v)|arj|appx|lha|lzh|on2)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
refresh_pattern -i (\.|-)(exe|bin|(n|t)ar|acv|(r|j)ar|t?gz|(g|b)z(ip)?2?|7?z(ip)?|wm[v|a]|patch|diff|mar|vpu|inc|r(a|p)m|kom|iso|sys|[ap]sf|ms[i|u|f]|dat|msi|cab|psf|dvr-ms|ace|asx|qt|xt|esd)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
refresh_pattern -i (\.|-)(ico(.*)?|pn[pg]|css|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp|img)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
refresh_pattern -i (\.|-)(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|m38u|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
refresh_pattern -i (\.|-)(docx?|xlsx?|pptx?|rtf|xml|pdf|tiff?|txt)(\?.*)?$ 43200 100% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
#Website
refresh_pattern -i (\.|-)(xml|js|jsp|txt|css)(\?.*)?$ 360 40% 1440 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth
refresh_pattern -i .index.(html|htm)$ 0 40% 1440
refresh_pattern . 30 25% 1440
#end new refresh patterns

refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|rpm|divx|dvr-ms)      129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(rar|jar|gz|tgz|tar|bz2|iso|m1v|m2(v|p)|mo(d|v)|(x-|)flv) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)         129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p))                   129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav)                  129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))               129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern ^ftp:    10080 95% 43200 override-lastmod reload-into-ims

refresh_pattern -i \.(doc|pdf)$           100080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private reload-into-ims
refresh_pattern -i \.(html|htm)$          1440   40% 40320 ignore-no-cache ignore-no-store ignore-private override-expire reload-into-ims
refresh_pattern (Release|Packages(.gz)*)$    0   20%  2880
refresh_pattern .                          180   95% 43200 override-lastmod reload-into-ims

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern -i (/cgi-bin/|\?)         0      0%      0
refresh_pattern \.(ico|video-stats)$ 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate

refresh_pattern imeem.*\.flv$                           0     0%         0 override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280    90%    161280 ignore-reload

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate

refresh_pattern ^.*safebrowsing.*google                                  129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)     129600 100% 129600 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg                                        129600 100% 129600 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)                     129600 100% 129600 override-expire ignore-reload
refresh_pattern garena\.com                                              129600 100% 129600 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)           129600 100% 129600 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?                      129600 100% 129600 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.                      129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/                           129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)                              43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$                           43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$                                   43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky                                           43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                    43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 100% 43200  ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern -i symantecliveupdate.com/.*\.(zip|exe)             43200 100% 43200 reload-into-ims
refresh_pattern -i avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims
refresh_pattern -i avira-update.com/.*\.* 720 100% 10800 reload-into-ims


#windows update NEW UPDATE 0.04
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe)                  43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern ([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf) 4320 100% 43200 reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims

refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i .*windowsupdate.com/.*\.(cab|exe)                     259200 100% 259200 ignore-no-store ignore-reload reload-into-ims
refresh_pattern -i .*update.microsoft.com/.*\.(cab|exe|dll|msi|psf)                  259200 100% 259200 ignore-no-store ignore-reload reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims

#apple update
refresh_pattern -i (download|adcdownload).apple.com/.*\.(pkg|dmg) 4320 100% 43200 reload-into-ims
refresh_pattern -i appldnld\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate
refresh_pattern -i phobos\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate
refresh_pattern -i iosapps\.itunes\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)           129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png)            129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)  129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/                           43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/                              43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)                        43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/openx.kompas.com.*\/                                43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)                       43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)                  43200  100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 100% 129600 reload-into-ims  ignore-reload override-expire ignore-no-cache ignore-no-store  ignore-auth

refresh_pattern -i ^http://(khm?)([^/]*?)\.google\.(de|com)     129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

refresh_pattern -i ^http://ecn\.t\d\.tiles\.virtualearth\.net/tiles/\w*\.jpeg     129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

14
Hi, after upgrading to 2.3 my forced google safe search has stopped working.
In DNS Resolver Host Overrides my setup is

Code: [Select]
Host             Domain                 IP                           
www            google.com.au 216.239.38.120 googlesafe

Anyone else have this issue?

15
Hi all, I upgraded to 2.3, squid was not working so i cleared the cache But when i try and rebuild the cache squid -z I get

Code: [Select]
2016/05/09 14:39:06| ERROR: redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard: (2) No such file or directory
FATAL: redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard: (2) No such file or directory
Squid Cache (Version 3.5.16): Terminated abnormally.
CPU Usage: 0.030 seconds = 0.022 user + 0.007 sys
Maximum Resident Size: 49136 KB
Page faults with physical i/o: 0

How can I fix this?

Update

Found in squid Integrations

Code: [Select]
redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;redirector_bypass off;
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0

What should this now be?

FIXED

Code: [Select]
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass off;url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0

Pages: [1] 2 3