Messages

Would you mind sharing your squidguard conf so others get an idea what would be possible to solve? :)

Sure thing  :)

First, you must ssh into your device and, after this, you must have squidguard installed (I already posted previously how to do it) and you should install a text editor (like nano: pkg install nano)

My "squidGuard.conf" is something like (located inside "/usr/local/etc/squid/")(it was basically what I had on pfSense):

Code Select Expand

logdir /var/log/squid
dbhome /usr/local/etc/squid/db

dest block {
        expressionlist expressions
}

acl {
        default {
                pass !block any
                redirect http://localhost/sgerror.php
        }
}

After modifying "squidGuard.conf" to your liking, you have to add your lists (in my case, I had 1 list: "expressions", inside "/usr/local/etc/squid/db" / my rules are regex based, that's why I used "expressionlist").

Now you have to generate squidguard's database, using:

Code Select Expand

squidGuard -C all

Next, you must change your database(s) ownership, using:

Code Select Expand

chown -R squid:squid /usr/local/etc/squid/db

After all the previous steps, you have to add squidguard support inside squid. For this, I created a "squid.conf.local" (located inside "/usr/local/etc/squid/"), to avoid losing squidguard support, every time I make a change in "Web Proxy" GUI. Inside the file add:

Code Select Expand

url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf

Finally, you have to reconfigure/restart squid, to activate the configuration:

Code Select Expand

/usr/local/sbin/squid -k reconfigure

Code Select Expand

/usr/local/etc/rc.d/squid restart (I'm not sure if this is required, but I do it anyways)

And that's it, I think I didn't forget anything and I hope it helps.
If someone has a suggestion or sees something wrong, please, don't be shy and step forward. I would really appreciate it :)

PS:
I would like to apologize for any vocabulary/grammatical mistakes. I'm not an English native speaker.

If conf.local gets loaded correctly this will be fine :)

In the mean time, I created and configured the file and it's working great :)
I made some changes in the Web Proxy GUI to test and everything worked.

Again, thank you very much for everything.
You are truly outstanding and I'm glad OPNSense's community has people like you willing to help clueless people, like myself ;D

There are config include folder for squid where you can add your conf files and dont get overwritten :)

Hello again :)

I dug a little bit today and it seems that the right way of doing this is creating an extra squid.conf.local file (in the same directory of the original) and add there the extra config (and this way I can change Web Proxy settings without affecting squidguard).

Is this the correct way?
I'm sorry if this is a stupid question, but I'm really ignorant about BSD systems.

Again, thank you very much for helping me :)

Seja muito bem vindo a nossa comunidade!

Sim, há, nós da Cloudfence desenvolvemos um plugin baseado no squidGuard. Você pode instala-lo seguindo estes passos:

https://wiki.cloudfence.com.br/portugues/plugin-webfilter-opnsense

Olá, muito obrigado pela resposta.
Entretando consegui instalar e configurar o squidguard através da cli.
Também dei uma olhada no vosso plugins e também me parece muito bom, principalmente para aqueles que precisam de GUI.
Mais uma vez muito obrigado e desejo todo o sucesso do mundo para a vossa empresa :)

[mimugmail]

Oh, sorry, my mistake.You are right, you need to install packages not belonging via shell using the pkg command.I use to install packages via ansible, so the one I installed this way, show up in the GUI, so my assumption was wrong.So the CLI is the right way....

No woories  ;)
In the mean time, I was able to get squidguard working and it's working great (I will test it more deeply in the coming days).
Thank you very much mimugmail for providing squidguard and all the other packages/plugins  :)

I would like to make a QOL suggestion to OPNSense devs/staff:
Can you make a check box in "Web Proxy" to automatically add support for squidguard inside squid.conf file?
(It would automatically add "url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf" at the end of squid.conf, every time a change is made in the "Web Proxy" GUI).
I'm asking this because every time I make a change in "Web Proxy" GUI and apply that change, the squid.conf file is changed, erasing the "url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf" line, which is a bit annoying.
Is it possible?

Again, thank very much to everyone involved, directly and indirectly, in the development of this amazing open source project.
I'm trilled with the switch and I'm really rooting for OPNSense's success  :)

CLI is IMHO the best way, but it should show up under /ui/core/firmware#packages aka. System: Firmware  Packages tab too ...

Do all mimugmail's packages (installed and to install) show up in "System>Firmware>Packages" for you?
For me, squidguard only showed up there, after installing it through cli.
I'm sorry if I'm making stupid questions, but I'm pretty new to opnsense (despite having a bit of experience with pfsense, but with that most things are GUI based).
Anyway, I'm really happy and grateful that this option exists, despite the lack of GUI.

pkg means a Package and not a Plugin

Thank you for the tip.
You are absolutely right, this must be installed through cli.
If anyone ends up in this topic. searching for the same thing (squidguard):
1-ssh into the device
2-press 8 to enter the shell
3-install mimugmail's repo, if you haven't yet
4-pkg install squidguard

Thank you very much to mimugmail and zerwes, for pointing me into the right direction :)

I offer the pkg in my repo, but no GUI to configure it

https://www.routerperformance.net/opnsense-repo/

Hi, thank you very much for answering.
What is the name of the package? (I already installed the repo and updated the packages)
I must be blink (or dumb), because I don't find anything related to squidguard in my "Plugins" tab.
About the lack of GUI, I don't mind as long as the functionality is the same (and I'm familiar with cli interfaces, so it's not a problem).
Again, thank you very much.

PS:
By the way, I would like take the opportunity to thank you for providing so many awesome packages in your repo (Adguard is a really good replacement for pfBlockerNG).

Olá amigos lusófonos :).

Eu gostaria de migrar do pfsense para o opnsense e até já portei a maioria das configurações para opnsense.
Adorei o opnsense, contudo necessito da funcionalidade do squiguard.

Há alguma forma de instalar o squidguard ou outro plugin similar no opnsense?
Eu sei que o squid já vem instalado de origem no opnsense (Web Proxy), mas eu preciso de filtrar o URL completo, usando regex (o squid só filtra host/domain), dai a necessidade do squidguard.

Muito obrigado.

PS:
Também coloquei esta mesma questão no fórum em ingês:
https://forum.opnsense.org/index.php?topic=28183.0

Hello.
I would like to migrate from pfsense to opnsense and I already ported most of my configs to opnsense.
I really like opnsense, but I only have one problem:
Squidguard

Is there some way to add squidguard to opnsense or is there any other plugin that does the same job?
I know that opnsense already has squid built-in (Web Proxy), but I need something more powerful, because squid is only host/domain (and IP) based blocking and I need to process the complete URL string (with regex), that's why I need something like squidguard.

Thank you.