Hi! I just moved from Zentyal and Ubuntu before that and my web filters worked well from those sytems using SquidGuard. I thought ufdbGuard of NethServer wouldn’t be that much different. Anyway I’m just trying to find something stable and easy to pass on to my successors when the time comes and I find NethServer to be promising.
Our policy is to block certain website categories at all times (default) and some more from 9:00am to 11:00am and from 1:00pm to 4:00pm during weekdays. On weekends the filters will be just at default. After 11:00am the web filter reverts to the default, but at 1:00pm onwards it stays at the default. The filters work again the next morning and fails again in the afternoon. There are no groups created as the filter is for all users and occasional guest users, so I just indicate the only Green Zone in the Who.
I also tried to redo the profile so that the afternoon filter will be on top of the list, and the filter works until the next morning the default profile still applies but works again in the afternoon.
It seems like the Web Filter is only using the first profile and reverts to the default, bypassing the next on the list.
I hope someone can help me do this right because, to be honest, I don’t have IT background and just trying to learn and implement as I go along based on what I can find from the Internet.
I managed to make it work by removing the afternoon Time and afternoon Profile, then editing ufdbGuard.conf manually to something like:
time blocktimes {
weekly mtwhf 09:00-11:00
weekly mtwhf 13:00-16:00
}
However, this won’t stick when there are updates to the web filter, such as the blacklist, I suppose. I can edit them again though to my liking, but definitely I can’t pass this to an assistant who is not comfortable with working in the terminal. Besides we have to keep an eye on it all the time, in case the config file reverts. I hope improvements to the web filter GUI can be made to make such changes permanent and more reliable.
For the meantime, is there a way to make such change to the config file to be permanent?
Looking forward for NethServer to keep better and better. Thank you for any help.
Nethserver is template based, you have to create a custom template to make changes permanent. Here you can read howto make a custom template.
If you need some help, don’t be shy for asking.
Hi Michael, thank you for the guidance. I looked around the ufdbGuard.conf directory and they’re all greek to me. I’ll try to play around later after backing up things. Can I just remove everything in 40times and replace it with:
time blocktimes {
weekly mtwhf 09:00-11:00
weekly mtwhf 13:00-16:00
}
I’m so sorry, I don’t have programming background.
and edit the file in templates-custom. If it doesn’t work you only have to delete 40times in template-custom and do the
expand-template /etc/ufdbguard/ufdbGuard.conf
again and everything is like before
The right code for the config you can find here:
8.6 Time-Based ACLs
ufdbGuard supports time-based ACLs which enable the implementation of internet usage policies that
have different policies during different time of the day or week. As the first step, a definition of one or
more time intervals is given with the time statement. A time interval definition can contain two types
of time intervals: the weekly directive is used to define reoccurring time intervals and the date
directive is used to define special dates. The syntax is explained with the following example.
time “working-hours” {
weekly mon,tue,wed,thu,fri 08:00 – 19:00
weekly sat,sun 08:00 – 12:30
date --01 # every first of the month
date 2010-12-31
}
Weekly reoccurring hours have one or more days separated by commas or a wild character, followed by
a time interval: HH:MM – HH:MM. The names of the days may be replaced by the wild card “*” to
denote all days. Dates have the format YYYY-MM-DD and may contain a wild character for the year,
month and/or day.
Once the time intervals are defined, they can be applied to the ACLs with the directives within,
outside and else. The following example shows how these directives can be used.
acl {
allSystems within “working-hours” {
pass !security !adult !proxies !p2p !dating !entertain !webmail any
} else {
pass !security !adult !proxies !p2p any
}
…
In the above example users are not allowed access to sites in the categories dating, entertainment and
webmail during office hours. The else part defines an alternative ACL for all other hours that are not
inside the working-hours time interval. The else part is optional.
As an alternative to the within directive, the outside directive can be used which has opposite
semantics.
I was looking at that yesterday but haven’t had the time yet to play with it. Now is the time. I’d like to document it here what I had done. There’s probably someone else out there like me but is too shy to ask, so they may also do what I did. BTW, I also installed nano prior because it’s the only thing I know.
I figured I only need to modify the time for my needs so I didn’t touch anything else. I also didn’t bother changing any unused variables, too coward to do so. I’ll give it a week to observe how it behaves. I’ll come back by then to remark if it does works the way I wanted it to be. Else, I’ll run back here right away for help.
Of course some suggestions for improvements are most welcome. Thank you all for your help.
