Topic: [contrib update] - Block Internet access using squid

[loveless]

I've updated my squidProperties contrib.  I just added the functionality to let you enter specific IP's that you want to allow network access, but DENY INTERNET access.

I've tested briefly on SME v6.0.1 in Gateway mode and would welcome any other testers, and any feedback.

Find the info here:
http://www.tech-geeks.org/contrib/loveless/SMEServer/contribs/squidProperties/

With a little prodding, it shouldn't be too difficult to add the ability to block by subnet or IP range.  But, for now you have to add 1 IP at a time.

[jcoleman]

Prod, prod..  

The ability to block by range would be great for companies using dhcp ranges for their internal workers.   That way we don't have to assign static IPs out of the scope to keep this working.

Thanks for the great contrib Abe!

-jeff

[Smeily]

I've tested your contrib on 6.0 from SME
and 6.01 from Contribs.org. The SME box does
the job perfectly - nice blocking but lan acces!
The Contribs.org well everything seems ok, but
trying to block a specific IP and then testing that
workstation does't affect internet acces at all.
Have you portet this ability from your other contrib
mac and ipblock? That contrib in beta gave me trouble
when trying to add blocked adresses either MAC or IP.
 

[loveless]

I've tested your contrib on 6.0 from SME
and 6.01 from Contribs.org. The SME box does
the job perfectly - nice blocking but lan acces!
The Contribs.org well everything seems ok, but
trying to block a specific IP and then testing that
workstation does't affect internet acces at all.
Have you portet this ability from your other contrib
mac and ipblock? That contrib in beta gave me trouble
when trying to add blocked adresses either MAC or IP.
 

Thanks for the feedback, but I'm afraid got confused.  

Just to clarify, you tested the squidProperties-0.3.tar contrib on 2 servers.  The v6.0 server worked as it should.  And, the v6.0.1 server did not work.  Correct?

What else is different between these boxes?  Are you running squidGuard or DansGuardian, by chance?  I've had 1 report that the contrib might fail if using DansGuardian... but it has not been confirmed yet.

Thanks

[loveless]

Prod, prod..  

I just did a little more research, and I think it will already work as long as the following format is followed:

10.0.0.10-10.0.0.25

Where 10.0.0.10 is the "start IP" and 10.0.0.25 is the "end IP.  And, there are no spaces between the hyphen and the start/end ip.

If you can try it, let me know what happens.

Thanks,
Abe

[loveless]

Looks like "https" traffic is still getting through.  Can anyone else confirm this?  I think I've got some tweaking to do on my squid rules.

[aussie]

I've updated my squidProperties contrib.  I just added the functionality to let you enter specific IP's that you want to allow network access, but DENY INTERNET access.

I've tested briefly on SME v6.0.1 in Gateway mode and would welcome any other testers, and any feedback.

Find the info here:
http://www.tech-geeks.org/contrib/loveless/SMEServer/contribs/squidProperties/

With a little prodding, it shouldn't be too difficult to add the ability to block by subnet or IP range.  But, for now you have to add 1 IP at a time.

Hi Abe!
Ive installed this on 6.01-01 and all went in ok.
I see the server-manager panel & can add to the restricted / allow lists.
Adding to the restricted strips a line from ipsec, and adding to the allow adds a line - ok so far.

The old squidguard seemed to be driven from squidguard.conf, but the new from squid.conf which I do not understand.
With the 'old' i amended squidguard.conf to deny all access other than the list in ipsec which had access except to blocked sites, as that suited my purpose.

With the new ...
1. it only bar blocked sites: how would I bar per above?
2. attempt to access a bad site simply replies err404 not found: can I cause a screen to appear like before (ACCESS DENIED or someting http of the like)?

TIA Rob

[aussie]

I've updated my squidProperties contrib.  I just added the functionality to let you enter specific IP's that you want to allow network access, but DENY INTERNET access.

I've tested briefly on SME v6.0.1 in Gateway mode and would welcome any other testers, and any feedback.

Find the info here:
http://www.tech-geeks.org/contrib/loveless/SMEServer/contribs/squidProperties/

With a little prodding, it shouldn't be too difficult to add the ability to block by subnet or IP range.  But, for now you have to add 1 IP at a time.

Hi Abe!
Ive installed this on 6.01-01 and all went in ok.
I see the server-manager panel & can add to the restricted / allow lists.
Adding to the restricted strips a line from ipsec, and adding to the allow adds a line - ok so far.

The old squidguard seemed to be driven from squidguard.conf, but the new from squid.conf which I do not understand.
With the 'old' i amended squidguard.conf to deny all access other than the list in ipsec which had access except to blocked sites, as that suited my purpose.

With the new ...
1. it only bar blocked sites: how would I bar per above?
2. attempt to access a bad site simply replies err404 not found: can I cause a screen to appear like before (ACCESS DENIED or someting http of the like)?

TIA Rob

[aussie]

Hi Abe Loveless,
a couple of us seem to be having hassles / questions with your squidguard install for sme6.01 eg the tpoic below.

http://forums.contribs.org/index.php?topic=24924.0

of course if this a an inappropriate means to draw it to your attention, I apologise profusely.
regards Rob

[irule]

Installed this on a 6B3 without any problems!

Is it possible to blok internet but let the virus update go through?