My Community Dashboard

Toggle Sidebar
News Feed
  • Steffen Schulze
    hi, i have running a gateway with content filter and a applicationfilter.
    can i see when users try to connect to blokked apps or websites ?
    Its a Newest ClearOs Home version
  • Nick Howitt
    Nick Howitt's reply was accepted as an answer

    Re: Allowing only few websites for browsing

    The theory is easy if you are not using the proxy. Go to Webconfig > Network > Firewall > Egress Firewall and change the mode to "Block all outgoing traffic - specify allowed destinations" then specify the allowed IP's. In practice this is not always so easy if the FQDN does not resolve to a single IP address. Google and Facebook (as an example) round-robin their IP's for load balancing so you would need to unblock a whole block of addresses for them to work reliably and it does not help using FQDN's in your firewall rules as the FQDN is converted to an IP address when the rule is loaded and it does not get re-evaluated until the rule is reloaded. Use this site to wok out what you may need to unblock.

    This method blocks traffic from LAN to WAN but not from ClearOS to WAN.

    As an alternative you could use the Content Filter with authentication or there is a more recent app, Gateway Management which may be more suited. There is a free (Community) and commercial version of Gateway Management. I don't have experience of these apps.

  • Shawn Wood
    Shawn Wood just registered on the site
  • Shawn Wood
    Shawn Wood unlocked the badge Newbie
    Newbie
    Congrats on registering on the site!
  • Charles Sicher
    Charles Sicher is now following Nick Howitt
  • Nick Howitt
    Nick Howitt's reply was accepted as an answer

    Re: Let's Encrypt .

    If you used the Let's Encrypt app, then renewal will be automatic. It checks for expiry after 2 months and renews when it can after that. After it renews it automatically restart the Web Server and Webconfig so the new certificates are read in.

    If you did not use the app, but user certbot manually, just install the app and it will take over looking after your certificate renewal for you.

    For e-mail apps please see this HowTo. If you implement the certificates for any other apps, please let me know the details of how and I will add them to the HowTo and make it generic rather than just for mail apps.

  • Dave Loper
    Dave Loper replied to a discussion, install errors

    Here is your bug filed:

    https://tracker.clearos.com/view.php?id=19211

    The developers are working on it and should have an updated fix soon. I'll watch the build system for their commit and report further when I know more.

  • Nick Howitt
    Nick Howitt replied to a discussion, Let's Encrypt .

    If you used the Let's Encrypt app, then renewal will be automatic. It checks for expiry after 2 months and renews when it can after that. After it renews it automatically restart the Web Server and Webconfig so the new certificates are read in.

    If you did not use the app, but user certbot manually, just install the app and it will take over looking after your certificate renewal for you.

    For e-mail apps please see this HowTo. If you implement the certificates for any other apps, please let me know the details of how and I will add them to the HowTo and make it generic rather than just for mail apps.

  • The theory is easy if you are not using the proxy. Go to Webconfig > Network > Firewall > Egress Firewall and change the mode to "Block all outgoing traffic - specify allowed destinations" then specify the allowed IP's. In practice this is not always so easy if the FQDN does not resolve to a single IP address. Google and Facebook (as an example) round-robin their IP's for load balancing so you would need to unblock a whole block of addresses for them to work reliably and it does not help using FQDN's in your firewall rules as the FQDN is converted to an IP address when the rule is loaded and it does not get re-evaluated until the rule is reloaded. Use this site to wok out what you may need to unblock.

    This method blocks traffic from LAN to WAN but not from ClearOS to WAN.

    As an alternative you could use the Content Filter with authentication or there is a more recent app, Gateway Management which may be more suited. There is a free (Community) and commercial version of Gateway Management. I don't have experience of these apps.

  • Greetings.

    I am quite new here.

    I do have to configure my ClearOS Community Edition 7.4 in such a way that all internet should be blocked but only particular sites will be allowed to browse.
    How to approach for this solution?

    Thank You.