squidguard 1.4_4 pkg v.1.9.6 creates this config file:
The rule for Groups ACL for host1 is disabled.
/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf

        src host1 {
                ip     10.1.1.1
                log block.log
        }
        src host2 {
                ip     10.1.1.2
                log block.log
        }
        acl  {
                host2  {
                        pass ...
                        log block.log
                }
                default  {
                        ...
                        log block.log
                }
        }

Problems:

1) src host1 is defined, but has no ACL. Squidguard treats this silently as 
"pass all"!!
Solution: Write the config lines but comment them out, or don't write the lines 
belonging to disabled rules to the config file.
This is a critical failure for something that is supposed to give protection.

2) The BUI has a column "Disabled" in the "Groups ACL" tab. For disabled rules 
it says "on".
Please make this clearer and say "yes".
Of course, currently "disabled" means "all access control disabled", not "rule 
disabled"!

3) Inside the acl{} block only the default{} part is allowed to have a log 
statement. For each of the host2{} blocks containing a log statement an error 
like this is generated:
 2014-06-02 22:36:51 [51713] logfile not allowed in acl other than default


The pfsense bug tracker doesn't seem to be for pfsense packages; in lieu
of a better place, I post it here.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/      Please do not CC list postings to me.
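
An added example, not part of the original post or of the pfSense package: a small linter that checks a squidGuard.conf for the two conditions reported above, a src block with no matching rule inside acl{} and a log statement in an acl rule other than default. The sample config is constructed to mirror the structure quoted in the post (the "pass none" lines are placeholders), and the parser assumes one statement per line.

```python
# Constructed sample mirroring the config quoted in the post;
# "pass none" stands in for the elided pass lines.
SAMPLE_CONF = """
src host1 {
        ip     10.1.1.1
        log block.log
}
src host2 {
        ip     10.1.1.2
        log block.log
}
acl {
        host2 {
                pass none
                log block.log
        }
        default {
                pass none
                log block.log
        }
}
"""

def lint_squidguard(conf_text):
    """Return (sources_without_acl_rule, non_default_acl_rules_with_log)."""
    sources, acl_rules, acl_with_log = [], set(), []
    stack = []  # headers of the blocks currently open, outermost first
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if line.startswith("}"):              # closes a block ("} else {" too)
            if stack:
                stack.pop()
            line = line[1:].strip()
        if not line:
            continue
        if line.endswith("{"):
            header = line[:-1].split() or ["?"]
            if not stack and header[0] in ("src", "source") and len(header) > 1:
                sources.append(header[1])
            elif stack and stack[-1] == ["acl"]:
                acl_rules.add(header[0])      # rule name inside acl{}
            stack.append(header)
        elif (line.split()[0] == "log" and len(stack) == 2
              and stack[0] == ["acl"] and stack[1][0] != "default"):
            acl_with_log.append(stack[1][0])
    unprotected = [s for s in sources if s not in acl_rules]
    return unprotected, acl_with_log
```

Running it against the generated file after every change in the Groups ACL tab shows whether a disabled rule has left its source defined without a rule.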