[PATCH] squidguard 1.5-beta: Added switch for DNS Blacklist - Development

22 Jan 2017

squidguard 1.5 has this feature, so I thought I could test this:
This patch adds the option to block against dns based blacklists.
For details see:
http://www.squidguard.org/Doc/extended.html
"Attention:
This feature requires squidGuard 1.5 or later or the dnsbl
patch for squidGuard 1.4 provided by INL - http://www.inl.fr/.
If you want to use external dns based blacklists such as black.uribl.com
for blocking you can use !dnsbl to dynamically check domain names against such services."
Example (squidGuard.conf):
...
acl {
    default {
    	pass !dnsbl:your.preferred.blacklist.domain.com all
    	redirect http://localhost/block.html
    }
}
...
"If you use !dnsbl without specifying a domain, black.uribl.com is used as default."
This is what I did for testing.
Discussion in german IPFire-Forum:
https://forum.ipfire.org/viewtopic.php?f=17&t=18083&sid=94b26f24a3d9...
Best,
Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
---
 html/cgi-bin/urlfilter.cgi | 15 +++++++++++++++
 langs/de/cgi-bin/de.pl     |  1 +
 langs/en/cgi-bin/en.pl     |  5 ++++-
 langs/es/cgi-bin/es.pl     |  1 +
 langs/fr/cgi-bin/fr.pl     |  1 +
 langs/it/cgi-bin/it.pl     |  1 +
 langs/nl/cgi-bin/nl.pl     |  1 +
 langs/pl/cgi-bin/pl.pl     |  1 +
 langs/ru/cgi-bin/ru.pl     |  1 +
 langs/tr/cgi-bin/tr.pl     |  1 +
 lfs/squidguard             |  2 +-
 11 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/urlfilter.cgi b/html/cgi-bin/urlfilter.cgi
index c3c327eec..ea4110916 100644
--- a/html/cgi-bin/urlfilter.cgi
+++ b/html/cgi-bin/urlfilter.cgi
@@ -136,6 +136,7 @@ $filtersettings{'MSG_TEXT_3'} = '';
 $filtersettings{'ENABLE_EXPR_LISTS'} = 'off';
 $filtersettings{'BLOCK_IP_ADDR'} = 'off';
 $filtersettings{'BLOCK_ALL'} = 'off';
+$filtersettings{'ENABLE_DNSBL'} = 'off';
 $filtersettings{'ENABLE_EMPTY_ADS'} = 'off';
 $filtersettings{'ENABLE_GLOBAL_WHITELIST'} = 'off';
 $filtersettings{'ENABLE_SAFESEARCH'} = 'off';
@@ -1051,6 +1052,9 @@ $checked{'BLOCK_IP_ADDR'}{$filtersettings{'BLOCK_IP_ADDR'}} = "checked='checked'
 $checked{'BLOCK_ALL'}{'off'} = '';
 $checked{'BLOCK_ALL'}{'on'} = '';
 $checked{'BLOCK_ALL'}{$filtersettings{'BLOCK_ALL'}} = "checked='checked'";
+$checked{'ENABLE_DNSBL'}{'off'} = '';
+$checked{'ENABLE_DNSBL'}{'on'} = '';
+$checked{'ENABLE_DNSBL'}{$filtersettings{'ENABLE_DNSBL'}} = "checked='checked'";
 $checked{'ENABLE_EMPTY_ADS'}{'off'} = '';
 $checked{'ENABLE_EMPTY_ADS'}{'on'} = '';
 $checked{'ENABLE_EMPTY_ADS'}{$filtersettings{'ENABLE_EMPTY_ADS'}} = "checked='checked'";
@@ -1479,21 +1483,26 @@ print <<END
    <td class='base'>$Lang::tr{'urlfilter username log'}:</td>
    <td><input type='checkbox' name='ENABLE_USERNAME_LOG' $checked{'ENABLE_USERNAME_LOG'}{'on'} /></td>
 </tr>
+
 <tr>
    <td class='base'>$Lang::tr{'urlfilter empty ads'}:</td>
    <td><input type='checkbox' name='ENABLE_EMPTY_ADS' $checked{'ENABLE_EMPTY_ADS'}{'on'} /></td>
    <td class='base'>$Lang::tr{'urlfilter category log'}:</td>
    <td><input type='checkbox' name='ENABLE_CATEGORY_LOG' $checked{'ENABLE_CATEGORY_LOG'}{'on'} /></td>
 </tr>
+
 <tr>
    <td class='base'>$Lang::tr{'urlfilter block ip'}:</td>
    <td><input type='checkbox' name='BLOCK_IP_ADDR' $checked{'BLOCK_IP_ADDR'}{'on'} /></td>
 </tr>
+
 <tr>
    <td class='base'>$Lang::tr{'urlfilter block all'}:</td>
    <td><input type='checkbox' name='BLOCK_ALL' $checked{'BLOCK_ALL'}{'on'} /></td>
    <td class='base'>$Lang::tr{'urlfilter whitelist always allowed'}:</td>
    <td><input type='checkbox' name='ENABLE_GLOBAL_WHITELIST' $checked{'ENABLE_GLOBAL_WHITELIST'}{'on'} /></td>
+	<td class='base'>$Lang::tr{'urlfilter enable dnsbl'}:</td>
+	<td><input type='checkbox' name='ENABLE_DNSBL' $checked{'ENABLE_DNSBL'}{'on'} /></td>
 </tr>
 </table>
 <hr size='1'>
@@ -2793,6 +2802,12 @@ sub writeconfigfile
    	{
    		$defaultrule .= "!in-addr ";
    	}
+
+		if ($filtersettings{'ENABLE_DNSBL'} eq 'on')
+		{
+			$defaultrule .= "!dnsbl ";
+		}
+
    	for ($i=0; $i<=@filtergroups; $i++) {
    		if ($filtersettings{@filtergroups[$i]} eq 'on')
    		{
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 261b92fe7..be95af57d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2444,6 +2444,7 @@
 'urlfilter enable custom blacklist' => 'Angepasste Blacklist aktivieren',
 'urlfilter enable custom expression list' => 'Angepasste Ausdrucksliste aktivieren',
 'urlfilter enable custom whitelist' => 'Angepasste Whitelist aktivieren',
+'urlfilter enable dnsbl' => 'Aktiviere DNS Blacklist',
 'urlfilter enable expression lists' => ' Aktiviere Ausdruckslisten',
 'urlfilter enable full backup' => 'Komplette Blacklist einbeziehen',
 'urlfilter enable jpeg' => 'Aktiviere Hintergrundbild',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index a04d994d6..44fa77fa3 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1246,7 +1246,6 @@
 'green interface' => 'Green Interface',
 'grouptype' => 'Grouptype:',
 'guaranteed bandwith' => 'Guaranteed bandwith',
-'guardian' => 'Guardian',
 'guest ok' => 'allow guests to access',
 'gui settings' => 'GUI Settings',
 'gz with key' => 'Only an encrypted archive can be restored on this machine.',
@@ -1404,6 +1403,7 @@
 'ip alias changed' => 'External IP alias changed',
 'ip alias removed' => 'External IP alias removed',
 'ip info' => 'IP Information',
+'ip reputational info' => 'IP Reputational Info:',
 'ipfire has now rebooted' => 'IPFire is rebooting now.',
 'ipfire has now shutdown' => 'IPFire is shutting down now.',
 'ipfire side' => 'IPFire side:',
@@ -1453,6 +1453,7 @@
 'local subnet' => 'Local subnet:',
 'local subnet is invalid' => 'Local subnet is invalid.',
 'local vpn hostname/ip' => 'Local VPN Hostname/IP',
+'localhost' => 'Localhost',
 'localkey' => 'Localkey',
 'localkeyfile' => 'Localkeyfile',
 'log' => 'Log',
@@ -1614,6 +1615,7 @@
 'mpfire songs' => 'MPFire songlist',
 'mpfire webradio' => 'MPFire Webradio',
 'mtu QoS' => 'This does not change the global MTU, it only sets MTU for QoS.',
+'multicast' => 'Multicast',
 'my new share' => 'My new share',
 'name' => 'Name',
 'name is invalid' => 'Name is invalid',
@@ -2487,6 +2489,7 @@
 'urlfilter enable custom blacklist' => 'Enable custom blacklist',
 'urlfilter enable custom expression list' => 'Enable custom expression list',
 'urlfilter enable custom whitelist' => 'Enable custom whitelist',
+'urlfilter enable dnsbl' => 'Enable DNS Blacklist',
 'urlfilter enable expression lists' => 'Enable expression lists',
 'urlfilter enable full backup' => 'Include complete blacklist',
 'urlfilter enable jpeg' => 'Enable background image',
diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index ede7b661d..027b8e953 100644
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -1929,6 +1929,7 @@
 'urlfilter enable custom blacklist' => 'Activar Lista Negra personalizada',
 'urlfilter enable custom expression list' => 'Activar lista de frases personalizada',
 'urlfilter enable custom whitelist' => 'Activar Lista Blanca personalizada',
+'urlfilter enable dnsbl' => 'Activar DNS Blacklist',
 'urlfilter enable expression lists' => 'Activar lista de frases',
 'urlfilter enable full backup' => 'Incluir Lista Negra completa',
 'urlfilter enable jpeg' => 'Activar imagen de fondo',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index e896c9b2a..a75d68e32 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1933,6 +1933,7 @@
 'urlfilter enable custom blacklist' => 'Activer Blackliste perso',
 'urlfilter enable custom expression list' => 'Activer liste de expression perso',
 'urlfilter enable custom whitelist' => 'Activer liste blanche perso',
+'urlfilter enable dnsbl' => 'Activer DNS Blacklist',
 'urlfilter enable expression lists' => 'Activer liste de mots clés perso',
 'urlfilter enable full backup' => 'Inclure Blackliste complete',
 'urlfilter enable jpeg' => 'Activer image d'arrière plan',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index b039cdbe0..cfb4722b8 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -2400,6 +2400,7 @@
 'urlfilter empty ads' => 'Blocca "ADS" con finestra vuota',
 'urlfilter empty repository' => 'Local file repository is empty',
 'urlfilter enable automatic blacklist update' => 'Attiva aggiornamento automatico',
+'urlfilter enable dnsbl' => 'Attiva DNS Blacklist',
 'urlfilter enable custom blacklist' => 'Abilito blacklist Personalizata',
 'urlfilter enable custom expression list' => 'Abilito Espressione Personalizata',
 'urlfilter enable custom whitelist' => 'Abilito whitelist Personalizata',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 49c0cced6..4defa5f13 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -2348,6 +2348,7 @@
 'urlfilter enable custom blacklist' => 'Inschakelen eigen zwarte lijst',
 'urlfilter enable custom expression list' => 'Inschakelen eigen expressielijst',
 'urlfilter enable custom whitelist' => 'Inschakelen eigen witte lijst',
+'urlfilter enable dnsbl' => 'Inschakelen DNS Blacklist',
 'urlfilter enable expression lists' => 'Inschakelen eigen expressielijst',
 'urlfilter enable full backup' => 'Inclusief complete zwarte lijst',
 'urlfilter enable jpeg' => 'Inschakelen achtergrondafbeelding',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index e2f9da5c0..d3d95fd47 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -1942,6 +1942,7 @@
 'urlfilter enable custom blacklist' => 'Włącz własną czarną listę',
 'urlfilter enable custom expression list' => 'Włącz własną listę wyrażeń',
 'urlfilter enable custom whitelist' => 'Włącz własną białą listę',
+'urlfilter enable dnsbl' => 'Aktywuy DNS Blacklist',
 'urlfilter enable expression lists' => 'Włącz listę wyrażeń',
 'urlfilter enable full backup' => 'Dołącz kompletną czarną listę',
 'urlfilter enable jpeg' => 'Włącz obraz tła',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 4b0edb582..5acddc015 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -1934,6 +1934,7 @@
 'urlfilter empty ads' => 'Блокировать рекламу с пустыми окнами',
 'urlfilter empty repository' => 'Локальный файловый репозиторий пуст',
 'urlfilter enable automatic blacklist update' => 'Разрешить автоматическое обновление',
+'urlfilter enable dnsbl' => 'Активировать DNS черный список',
 'urlfilter enable custom blacklist' => 'Разрешить пользовательский чёрный список',
 'urlfilter enable custom expression list' => 'Разрешить пользовательский список выражений',
 'urlfilter enable custom whitelist' => 'Разрешить пользовательский белый список',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 9eb300006..bbb01ce6b 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -2485,6 +2485,7 @@
 'urlfilter enable custom blacklist' => 'Özel kara listeyi aktifleştir',
 'urlfilter enable custom expression list' => 'Özel ifade listesini aktifleştir',
 'urlfilter enable custom whitelist' => 'Özel beyaz listeyi aktifleştir',
+'urlfilter enable dnsbl' => 'DNS Blacklist etkinleştirin',
 'urlfilter enable expression lists' => 'İfade listesini aktifleştir',
 'urlfilter enable full backup' => 'Tamamlanan kara listeyi dahil et',
 'urlfilter enable jpeg' => 'Arka plan resmini aktifleştir',
diff --git a/lfs/squidguard b/lfs/squidguard
index e3fd0c4e4..bca43ce22 100644
--- a/lfs/squidguard
+++ b/lfs/squidguard
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2016  IPFire Team  info@ipfire.org                     #
+# Copyright (C) 2007-2017  IPFire Team  info@ipfire.org                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
-- 
2.11.0


    