Yea, I had the same problem. It _was_ supposably fixed once.. This is an older letter from Michael Capp (was he the one taking care of the squid package?) --> This issue has been resolved in what will be the next release. There were actually two bugs causing this. The first is that pf_networks was sometimes defined twice due to duplicate lines of code. The second is that in attempting to duplicate this, squid did not seem to like multiple acl's defined on an http_access allow line; therefore, in the new code I split this out on a per line basis and also add "http_access deny !pf_networks" to better handle the properly allowed network. In the testing I've been able to do, this seemed to resolve it. So now, your squid.conf will read similar to this if you have networks defined:
#GUI admin to allow local connections http_access allow pf_ips http_access allow pf_admin_port http_access deny !pf_networks On 4/26/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote: > Is this the bug where it accidentally defines an ACL called "all" as the > same network/netmask as the LAN? If so, I swear I thought that was fixed. > > Charles Sprickman wrote: > > On Mon, 24 Apr 2006, Gary Buckmaster wrote: > > > >> Charles, > >> > >> The Squid package was started by someone who stubbed in a lot of > >> functionality and then promptly fell off the face of the earth. As a > >> result, a lot of what's in the user interface including the tie-in to > >> squidGuard isn't there. That's not to say that you couldn't install > >> squidGuard on your pfSense box and manually configure it, but the > >> WebGUI is incomplete at this time. > > > > It looks like it might be a good idea to mark this one broken. I'm > > not much of a squid expert, but it looks like if you use it in it's > > default config with the acl rules that the php page builds it blocks > > all access... > > > > I'll have to revisit it after I digest squid.conf some more. > > Hopefully I can come up with a working config and inject that into the > > existing package. > > > > Charles > > > >> -Gary > >> > >> Charles Sprickman wrote: > >>> Hi all, > >>> > >>> I'm running RELENG_1_SNAPSHOT_04-12-2006 and am very happy with it. > >>> Traffic shaping (one of my main concerns since I do lots of VoIP) is > >>> working great for me. > >>> > >>> I installed the squid package (2.5.12.1) just to play with it and > >>> perhaps do some network-wide URL blocking for ads. When I go to > >>> "Services->Squid" there's a checkbox that is labelled "URL Filtering > >>> Enabled". There's also an explanation next to it: > >>> > >>> "This enables the advanced functionality in conjunction with > >>> squidGuard to provide an array of URL filtering options. This > >>> squidGuard functionality can be additionally configured from > >>> Services -> Advanced Proxy Filtering" > >>> > >>> I don't see any "Advanced Proxy Filtering" link under the services > >>> menu. Am I missing something, or is this feature just not here yet? > >>> > >>> That also brings up a very general question... There's a few things > >>> that I'd like to twiddle besides the squid config, including an > >>> "illegal" dhcp setup where I hand my laptop the same IP via wired or > >>> wireless. What are the plans, if any, to allow a user to override > >>> the pfsense-generated configs? > >>> > >>> Thanks, > >>> > >>> Charles > >>> > >>> ___ > >>> Charles Sprickman > >>> NetEng/SysAdmin > >>> Bway.net - New York's Best Internet - www.bway.net > >>> [EMAIL PROTECTED] - 212.655.9344 > >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Szasz-Revai Endre Str. Marasesti No. 7 551058 Medias, Jud. Sibiu Tel: +(40) 745 308638 Email: [EMAIL PROTECTED]
