UT1 blacklist not showing category.

Started by Q3tNHn, December 10, 2024, 07:22:05 PM

Previous topic - Next topic
Hi all,
I am following this tutorial to set up web filtering on my OPNsense instance: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
But UT1 blacklist is not showing any category after I successfully download and apply the list.
Please help!

Now I can't even start Squid service. Here's the error message:

Starting squid.
CPU Usage: 5.075 seconds = 4.996 user + 0.079 sys
Maximum Resident Size: 1308160 KB
Page faults with physical i/o: 0
2024/12/10 13:27:02| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:3128
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:3128
2024/12/10 13:27:02| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:3129
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:3129
2024/12/10 13:27:02| Disabling Authentication on port [::1]:3129 (interception enabled)
2024/12/10 13:27:02| WARNING: empty ACL: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:2121
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:2121 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:2121
2024/12/10 13:27:02| Disabling Authentication on port [::1]:2121 (interception enabled)
2024/12/10 13:27:07| ERROR: '.ai-nude.adult' is a subdomain of '.adult'
2024/12/10 13:27:07| ERROR: You need to remove '.ai-nude.adult' from the ACL named 'remoteblacklist_ut1'
2024/12/10 13:27:07| Not currently OK to rewrite swap log.
2024/12/10 13:27:07| storeDirWriteCleanLogs: Operation aborted.
2024/12/10 13:27:07| FATAL: Bungled /usr/local/etc/squid/squid.conf line 72: acl remoteblacklist_ut1 dstdomain "/usr/local/etc/squid/acl/ut1"
2024/12/10 13:27:07| Squid Cache (Version 6.10): Terminated abnormally.
/usr/local/etc/rc.d/squid: WARNING: failed to start squid

December 10, 2024, 07:55:40 PM #2 Last Edit: December 20, 2024, 10:29:17 AM by meyergru
You are correct, that seems like a bug. Obviously, the UI does not correctly extract the categories after download of the ACLs. One can see that they are fetched correctly by looking at more /usr/local/etc/squid/acl/UT1.index.

You should raise an issue here.

The second error is a misconfiguration and the error messages clearly state which.

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

@Q3tNHn - I have same error when i upgraded my OPNSense to 24.7.10.
I thought my proxy corrupted and now i can see not only me.
Please OPnsense, help us fix this bug please

I can almost guarantee you that there will be no fix unless someone reports a bug on Github. I do not use that feature, so I won't.

Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

December 20, 2024, 09:23:20 AM #5 Last Edit: December 27, 2024, 11:21:35 PM by droumanet
Issue has been submitted and confirmed: https://github.com/opnsense/plugins/issues/4392

Edit 2024-12-27: By the way, I manage an other OPNSense firewall in 24.1 version and it's able to manage categories, read list and so on... a bug is probably the cause in 24.7 version.