
Author Topic: Unofficial E2guardian package for pfSense  (Read 27376 times)


Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #15 on: April 04, 2017, 08:43:09 am »
To me, the original style is better.  I can see that I'm in ACL's -> Phrase Lists by the underlining.  It just sticks out better.  In the second one I can see that I'm in ACLs but can't tell which sub-menu I'm in because it isn't showing any different.  The bread-crumbs up top show it but it just isn't as easy to follow.  I like your current style better.

Offline danjeman

Re: Unofficial E2guardian package for pfSense
« Reply #16 on: April 04, 2017, 10:20:54 am »
I think style 2 is cleaner but would be even nicer if it did highlight the sub menu item too  ;)

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #17 on: April 04, 2017, 10:28:04 am »
I think style 2 is cleaner but would be even nicer if it did highlight the sub menu item too  ;)

I'll put the highlight as an option. For now I've changed the text on each xml to identify what tab you are on.
« Last Edit: April 04, 2017, 02:25:14 pm by marcelloc »

Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #18 on: April 04, 2017, 01:23:17 pm »
I'm starting to test e2guardian but it won't start.
Code:
/root: /usr/local/etc/rc.d/e2guardian.sh start
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 4096 -> 4096
Starting e2guardian.
In mapauthtoports mode you need to setup one port per auth plugin
Error parsing the e2guardian.conf file or other e2guardian configuration files
/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian

Can those files be regenerated?  I've pointed to shallalist but that's about it.  The Default values in bold, those are the values used if the boxes are left blank?  They don't need to be filled in do they?

EDIT:
I copied the e2guardian.conf.sample and overwrote /usr/local/etc/e2guardian/e2guardian.conf and I'm getting further.  Now it tells me:
Code:
/root: /usr/local/etc/rc.d/e2guardian.sh start
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 4096 -> 4096
Starting e2guardian.
Error opening/creating log file. (check ownership and access rights).
I am running as nobody and I am trying to open /var/log//access.log
/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
« Last Edit: April 04, 2017, 02:31:42 pm by Stewart »

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #19 on: April 04, 2017, 02:31:09 pm »
What options did you select to enable multiport?

Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #20 on: April 04, 2017, 02:33:01 pm »
What options did you select to enable multiport?

What page has that option?  I don't think I intentionally selected anything, just clicked through.

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #21 on: April 04, 2017, 02:36:03 pm »
I have it working on my setup, including ssl interception. Try to select just one interface. I'll try another clean setup and see how to reproduce this.

Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #22 on: April 04, 2017, 03:29:16 pm »
I have LAN and loopback selected since the default is Lan/loopback.  It's working with the sample config in place.

I ran a diff on the config file and the sample file and there is quite a bit of difference since the rows don't line up.  I cleared up the commented lines and here is what the config options are in the broken file:

Code:
languagedir = '/usr/local/share/e2guardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = 2
logfileformat = 1
anonymizelogs = off
loglocation = '/var/log/e2guardian/access.log'
dstatlocation = '/var/log/e2guardian/dstats.log'
dstatinterval = 300  # = 5 minutes
statlocation = '/var/log/e2guardian/stats'
filterip = 192.168.1.1
filterip = 127.0.0.1
filterports = 8080
filterports = 8080
proxyip = 127.0.0.1
proxyport = 3128
proxytimeout = 30
proxyexchange = 20
pcontimeout = 55
usecustombannedimage = on
custombannedimagefile = '/usr/local/share/e2guardian/transparent1x1.gif'
usecustombannedflash = off
custombannedflashfile = '/usr/local/share/e2guardian/blockedflash.swf'
filtergroups = 1
filtergroupslist = '/usr/local/etc/e2guardian/lists/filtergroupslist'
bannediplist = '/usr/local/etc/e2guardian/lists/bannediplist'
exceptioniplist = '/usr/local/etc/e2guardian/lists/exceptioniplist'
perroomblockingdirectory = '/usr/local/etc/e2guardian/lists/bannedrooms/'
showweightedfound = on
urlcachenumber = 1000
urlcacheage =900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
prefercachedlists = off
maxcontentfiltersize = 256
maxcontentramcachescansize = 1000
maxcontentfilecachescansize = 2000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 20
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/fancy.conf'
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/trickle.conf'
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logsslerrors = off
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 10
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent =
daemonuser = 'clamav'
daemongroup = 'nobody'
softrestart = on
cacertificatepath = '/etc/ssl/demoCA/cacert.pem'
caprivatekeypath = '/etc/ssl/demoCA/private/cakey.pem'
certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem'
generatedcertpath = '/usr/local/etc/e2guardian/ssl/generatedcerts'


Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #23 on: April 04, 2017, 03:43:36 pm »
Looks like it was because I had both LAN and loopback selected.  You may want to remove the verbiage of "Default: LAN/loopback".  For the other fields it states what is used when nothing is entered.  In this field you still need to select the Interface.

Offline Cino

Re: Unofficial E2guardian package for pfSense
« Reply #24 on: April 04, 2017, 06:05:22 pm »
Looks like it was because I had both LAN and loopback selected.  You may want to remove the verbiage of "Default: LAN/loopback".  For the other fields it states what is used when nothing is entered.  In this field you still need to select the Interface.

I concur. You have to select only one interface (LAN) to get it to work. When loopback is also selected, it won't start. I haven't had a chance to test the different options other than installing and enabling it using default options.

Need to figure out an easy/clean way to convert my old Dansguardian config to E2guardian (within the config.xml)

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #25 on: April 04, 2017, 08:53:35 pm »
Need to figure out an easy/clean way to convert my old Dansguardian config to E2guardian (within the config.xml)

Easy as renaming it on xml (except for some config changes from dansguardian to e2guardian), but I can help with a php script if you want.

Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #26 on: April 05, 2017, 11:20:51 am »
FYI:

When I go to ACLs -> Antivirus, the lower menu bar disappears. 
When I go to ACLs -> Search Engine, Both menu bars disappear.

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #27 on: April 05, 2017, 11:27:59 am »
FYI:

When I go to ACLs -> Antivirus, the lower menu bar disappears. 
When I go to ACLs -> Search Engine, Both menu bars disappear.

It's a missing div in pkg_edit.php; I've updated it in the install script.


EDIT

To apply the fix/update manually, under the system_patches package, create a new patch with this info:

Code:
--- pkg_edit.orig.php        2017-04-05 16:25:04.960401000 +0000
+++ pkg_edit.php 2017-04-03 22:56:33.184313000 +0000
@@ -651,6 +651,7 @@
 if ($savehelp) {
        $savebutton->setHelp($savehelp);
 }
+?><div id='mainarea'></div><?
 $form = new Form($savebutton);

 $form->addGlobal(new Form_Input(
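
Review bot: the added line "?><div id='mainarea'></div><?" reopens PHP with the short tag "<?", which only parses when short_open_tag is enabled; use "<?php" there, or stay in PHP and echo the div, so the patch does not depend on that setting. The div is also opened and closed empty immediately before "$form = new Form($savebutton);", so a short comment naming what needs the 'mainarea' id would help whoever next edits this file.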

folder /usr/local/www/
« Last Edit: April 05, 2017, 11:44:26 am by marcelloc »

Offline Stewart

Re: Unofficial E2guardian package for pfSense
« Reply #28 on: April 05, 2017, 11:34:28 am »
How do we download the blacklists for them to work?  On the Blacklist Tab I'm using http://www.shallalist.de/Downloads/shallalist.tar.gz as the Blacklist URL but when I go into the Default Site List and remove the "#" from in front of items on the list, e2guardian won't start.

I'm changing:
#.Include</usr/local/etc/e2guardian/lists/blacklists/adult/domains>
to
.Include</usr/local/etc/e2guardian/lists/blacklists/adult/domains>

and the error when starting is:

Code:
/root: /usr/local/etc/rc.d/e2guardian.sh start
kern.ipc.somaxconn: 16384 -> 16384
kern.maxfiles: 131072 -> 131072
kern.maxfilesperproc: 104856 -> 104856
kern.threads.max_threads_per_proc: 4096 -> 4096
Starting e2guardian.
Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
Error opening bannedsitelist
Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Error reading filter group conf file(s).
Error parsing the e2guardian.conf file or other e2guardian configuration files
/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian

I'm guessing it's because the blacklist isn't really downloaded and applied.  I've tried changing the Update Frequency on the Blacklist Tab to Download and Update Now and I get an alert that says "E2guardian - Blacklist update process started" but I don't know how to see if it is doing anything.  After 20 minutes it still doesn't start if I uncomment the lines.

Offline marcelloc

Re: Unofficial E2guardian package for pfSense
« Reply #29 on: April 05, 2017, 11:47:31 am »
How do we download the blacklists for them to work?

Select the option Download and update now, save, then set it back to never or the update frequency you selected before.

I'll change it to a Download and update button soon to keep it easy to use.

Once it's downloaded and updated, I'll receive a system alert on gui.

Thanks for the feedback
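
The start-up log in Reply #28 shows e2guardian refusing to start because an active .Include line points at a blacklist file that is not on disk yet. As an added example (not part of the thread or of the package), this POSIX sh function lists such targets in a list file before the service is started; the function names, the optional root prefix and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the e2guardian package.
# Print every active .Include<path> target in a list file that is missing.
# Lines commented out with a leading '#' are ignored.
# Usage: missing_includes LISTFILE [ROOT]
#   ROOT (assumption, for testing a copied config tree) is prepended to
#   each include path before the check.
# Returns 0 if all targets are readable, 1 if any is missing, 2 on bad input.
missing_includes() {
    listfile=$1
    root=${2:-}
    [ -r "$listfile" ] || { echo "cannot read $listfile" >&2; return 2; }
    # sed prints only the path between '<' and '>' of active .Include lines.
    sed -n 's/^[[:space:]]*\.Include<\([^>]*\)>.*$/\1/p' "$listfile" | (
        rc=0
        while IFS= read -r path; do
            # -r: exists and is readable by the user running this check
            [ -r "$root$path" ] && continue
            printf '%s\n' "$path"
            rc=1
        done
        exit "$rc"
    )
}

# Constructed sample: one commented include, one missing, one present.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/lists/blacklists/ads"
    : > "$tmp/lists/blacklists/ads/domains"
    cat > "$tmp/bannedsitelist" <<'EOF'
#.Include</lists/blacklists/porn/domains>
.Include</lists/blacklists/adult/domains>
.Include</lists/blacklists/ads/domains>
EOF
    missing_includes "$tmp/bannedsitelist" "$tmp"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || :
```

On the firewall itself the call would be `missing_includes /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default`, run after the blacklist download has finished and before uncommenting further categories.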