Thanks Dirk, will do that

Anyway, the last question was just filtergroups = 2, should be = 3 (Default, Adm and Adm2).

Sounds like you need to sign up with the dansguardian forums that have a wealth of knowledge. They actually use Yahoo for their forums, but as I said, they're very helpful. If you get it to work, please post your findings because this isn't the first time this subject has come up on the forums.

Just commented the line you suggested, nothing

Well, I'm missiing something: on webgui, when any of the two 2 filter groups I've created ('Adm' and 'Adm2') there's an error on bottom of screen:

No match found in file - /etc/dansguardian-av/dansguardian.conf for key /^filtergroupslist\s"=\s*/

What should I check now?

Thanks in advance.

Try commenting out the user authentication line in dansguardian.conf that allocates the script that assigns users to filter groups, so that ipgroups authentication can take precedence. Use the # sign.

# filtergroupslist = '/etc/dansguardian-av/lists/filtergroupslist'

Just tried, but nothing happened. I created 2 groups 'Adm' and 'Adm2', each with an IP range; added a site to the banned list, filtergroups = 3, etc. but the url continues to being accessed normally. Checked and rechecked, restarted dansguardian-av after each try... but nothing.

Any other ideas?

Can I make a suggestion that when you partition your IP ranges you look at doing it in nice subnets, e.g 192.168.1-127, 192.168.1.128-254 (technically 255 but you cant use 255 itself) or 0-63, 64-127, 128-192, 192-255? Then you can also use CIDR notation (e.g. 192.168.1.0/26 is the same as 0-63) to express the ranges. It may help you later on.

won't know if it works until you try it...by all rights it should...it's not going to hurt if you do try it, just copy the original files like I said and put them back if your changes don't work...you'll have to restart the content filter service like I posted

certainly you can post the steps you take and the results to see if we can stumble through getting it to work

Thank you, I was setting up another ClearOS just to filter some sites that should be allowed on some other IP range.

With your instructions, it will work just to filter differently, by IPs not user?

192.168.1.1-100 (admin machines, proxy filtered, webmails sites NOT allowed)
192.168.1.101-200 (students machine, proxy filtered, webmails sites allowed)

Will that scenario be possible to achieve with your instructions?

Thanks in advance!

Before making any changes to files listed in this post, make backup copies of them so you can put stuff back to what it was if it gets messed up on you.

That said, you’ll want to enable authentication plugins in the script for the file etc/dansguardian-av/dansguardian.conf by removing the # symbol from this line: #authplugin = '/etc/dansguardian-av/authplugins/ip.conf'

Additionally you’ll want to set the number of ipranges (i.e. filter groups) you plan on having assigned their own filtering rules in the same file (i.e. dansguardian.conf) by putting this number in the line: filtergroups = 2

You could then duplicate a filter group file for each iprange you’re looking to assign different filtering rules to. You’ll find the default filter group in the directory etc/dansguardian-av/ and it’s called dansguardianf1.conf. Make sure each duplicate file is given a different number in its file name, keeping these numbers sequential; dansguardianf2.conf, dansguardianf3.conf, dansguardianf4.conf. etc.

At the top of the script for each filter group file you just created there is a spot for a unique group name you’ll want to assign: groupname = 'Default'
Change Default to whatever name you want to assign the group.

Then, under /etc/dansguardian-av/lists/authplugins there is a file called ipgroups that allows you to assign ipranges to filter groups. An example exists in the script, but basically you need to assign the previously created filter group file(s), having one per filtergroup; 192.168.1.0-192.168.1.154 = filter1
192.168.1.155-192.168.1.175 = filter2
192.168.1.0-176.168.1.255 = filter3

Restart the content filter at your command prompt

Service dansguardian-av restart

You should then be able to pull up the different filter groups by name in the webconfig, under the content filter settings.

Don't try to add filter groups in the content filter configuration of the webconfig because messes up your file structure in the dansguardian-av directory. It's better to work directly with the files.