DansGuardian package that provides web filtering capabilities seems not to work on the latest pfSense firewall distribution. Thanks to the effort of the open source community, and specifically Marcello Coutinho, e2guardian package (a fork of DansGuardian) made it to FreeBSD repos, and Marcello created a package for pfSense. While pfSense team is working to integrate the package into the official distribution to make it available through standard package management system, many people (including myself) would like to have e2guardian running right now and install it manually. Here are the step by step instruction for the manual installation process that I used to install it to my pfSense (with help from Marcello, Phil and other folks from pfSense forums).
I used VirtualBox VM while writing this guide. Steps 1 - 3 describe the process of setting up the VM and installing the prerequisites (Squid). If you have a running pfSense box with Squid where you'd like to try this out, you can skip the first 3 steps.
pkg #(choose yes to install package manager)
pkg update
pkg install e2guardian
/root
, and then download the file there. While in SSH shell, type the following: cd /root
fetch https://github.com/marcelloc/pfsense-packages/archive/be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff.zip
/root
directory in the SSH from the previous step) unzip be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff.zip
rm be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff.zip #(we're deleting the archive since we don't need it anymore)
cd pfsense-packages-be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff/config/e2guardian/
e2guardian.xml
file contains the locations where to put each file from the e2guardian directory (and which permissions to use)cp e2guardian.inc /usr/local/pkg/e2guardian.inc
chmod 0755 /usr/local/pkg/e2guardian.inc
cp e2guardian.php /usr/local/www/e2guardian.php
chmod 0755 /usr/local/www/e2guardian.php
cp e2guardian_ldap.php /usr/local/www/e2guardian_ldap.php
chmod 0755 /usr/local/www/e2guardian_ldap.php
cp e2guardian_ldap.xml /usr/local/pkg/e2guardian_ldap.xml
chmod 0755 /usr/local/pkg/e2guardian_ldap.xml
cp e2guardian_limits.xml /usr/local/pkg/e2guardian_limits.xml
chmod 0755 /usr/local/pkg/e2guardian_limits.xml
cp e2guardian_ips_header.template /usr/local/pkg/e2guardian_ips_header.template
chmod 0755 /usr/local/pkg/e2guardian_ips_header.template
cp e2guardian_users_header.template /usr/local/pkg/e2guardian_users_header.template
chmod 0755 /usr/local/pkg/e2guardian_users_header.template
cp e2guardian_users_footer.template /usr/local/pkg/e2guardian_users_footer.template
chmod 0755 /usr/local/pkg/e2guardian_users_footer.template
cp e2guardian_about.php /usr/local/www/e2guardian_about.php
chmod 0755 /usr/local/www/e2guardian_about.php
cp e2guardian_config.xml /usr/local/pkg/e2guardian_config.xml
chmod 0755 /usr/local/pkg/e2guardian_config.xml
cp e2guardian_sync.xml /usr/local/pkg/e2guardian_sync.xml
chmod 0755 /usr/local/pkg/e2guardian_sync.xml
cp e2guardianfx.conf.template /usr/local/pkg/e2guardianfx.conf.template
chmod 0755 /usr/local/pkg/e2guardianfx.conf.template
cp e2guardian_url_acl.xml /usr/local/pkg/e2guardian_url_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_url_acl.xml
cp e2guardian_site_acl.xml /usr/local/pkg/e2guardian_site_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_site_acl.xml
cp e2guardian_search_acl.xml /usr/local/pkg/e2guardian_search_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_search_acl.xml
cp e2guardian_pics_acl.xml /usr/local/pkg/e2guardian_pics_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_pics_acl.xml
cp e2guardian_phrase_acl.xml /usr/local/pkg/e2guardian_phrase_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_phrase_acl.xml
cp e2guardian_log.xml /usr/local/pkg/e2guardian_log.xml
chmod 0755 /usr/local/pkg/e2guardian_log.xml
cp e2guardian_header_acl.xml /usr/local/pkg/e2guardian_header_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_header_acl.xml
cp e2guardian_groups.xml /usr/local/pkg/e2guardian_groups.xml
chmod 0755 /usr/local/pkg/e2guardian_groups.xml
cp e2guardian_file_acl.xml /usr/local/pkg/e2guardian_file_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_file_acl.xml
cp e2guardian_content_acl.xml /usr/local/pkg/e2guardian_content_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_content_acl.xml
cp e2guardian_blacklist.xml /usr/local/pkg/e2guardian_blacklist.xml
chmod 0755 /usr/local/pkg/e2guardian_blacklist.xml
cp e2guardian_antivirus_acl.xml /usr/local/pkg/e2guardian_antivirus_acl.xml
chmod 0755 /usr/local/pkg/e2guardian_antivirus_acl.xml
cp e2guardian.conf.template /usr/local/pkg/e2guardian.conf.template
chmod 0755 /usr/local/pkg/e2guardian.conf.template
cp e2guardian_rc.template /usr/local/pkg/e2guardian_rc.template
chmod 0755 /usr/local/pkg/e2guardian_rc.template
cp pkg_e2guardian.inc /usr/local/www/shortcuts/pkg_e2guardian.inc
chmod 0755 /usr/local/www/shortcuts/pkg_e2guardian.inc
cp e2guardian.xml /usr/local/pkg/e2guardian.xml
config.xml
file through web UI, edit the downloaded backup file in a text editor and then upload it back to pfSense (restore backup). Other way to do it is to edit it directly in pfSense using a console editor. I did it using the console editor and that's what I'll describe here.nano
editor (just because I'm not very familiar with vi
, if you're comfortable with vi
, you can use that and skip this step):pkg install nano
config.xml
file:nano /cf/conf/config.xml
<menu>
entries - you should locate the entries for squid proxy which should look something like this:<menu>
<name>Proxy server</name>
<tooltiptext>Modify the proxy server's settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid.xml&id=0</url>
</menu>
</menu>
tag, press enter to add new line, and copy paste the e2guardian menu xml fragment into the editor. Here's the fragment:<menu>
<name>E2guradian</name>
<tooltiptext>E2guradian</tooltiptext>
<section>Services</section>
<configfile>e2guardian.xml</configfile>
</menu>
<menu>
entries, you should locate the <service>
entries. For example, <service>
for Squid looks like this:<service>
<name>squid</name>
<rcfile>squid.sh</rcfile>
<executable>squid</executable>
<description><![CDATA[Proxy server Service]]></description>
</service>
</service>
tag, press enter to add a new line, and copy paste the e2guardian service xml fragment into the editor. Here's the fragment:<service>
<name>e2guardian</name>
<rcfile>e2guardian.sh</rcfile>
<executable>e2guardian</executable>
<description><![CDATA[content filtering]]></description>
</service>
nano
editor's command to save and close the file), y (to confirm) and press enter<menu>
and <service>
part of the configuration file at the bottom of the page to check how the config file should look like after the editing has been completed. cd /root
rm -rf pfsense-packages-be599ee41b2567459b1eaf55fff4ecb2ad3fa4ff
That's it!
...
<installedpackages>
<tab/>
<menu/>
<menu>
<name>Proxy server</name>
<tooltiptext>Modify the proxy server's settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid.xml&id=0</url>
</menu>
<menu>
<name>E2guradian</name>
<tooltiptext>E2guradian</tooltiptext>
<section>Services</section>
<configfile>e2guardian.xml</configfile>
</menu>
<menu>
<name>Reverse Proxy</name>
<tooltiptext>Modify the proxy reverse server's settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url>
</menu>
<service/>
<service>
<name>squid</name>
<rcfile>squid.sh</rcfile>
<executable>squid</executable>
<description><![CDATA[Proxy server Service]]></description>
</service>
<service>
<name>e2guardian</name>
<rcfile>e2guardian.sh</rcfile>
<executable>e2guardian</executable>
<description><![CDATA[content filtering]]></description>
</service>
<service>
<name>clamd</name>
<rcfile>clamav-clamd</rcfile>
<executable>clamd</executable>
<description><![CDATA[Clamav Antivirus]]></description>
</service>
<service>
<name>c-icap</name>
<rcfile>c-icap</rcfile>
<executable>c-icap</executable>
<description><![CDATA[Icap inteface for squid and clamav integration]]></description>
</service>
...