URL Filtering and Blocking Crap with Vyatta

This week, I had a client who was having issues with his router. With years of use, he began to experience a degradation in its performance. Although the office is small, with 6 computers, his only requirements were a router that can block roughly 30 domains and still perform well.

I arrived at his office, and found he had purchased a shiny new Cisco Linksys WRT320N router for $100 from Futureshop. It looks sleek and sexy. I disconnected his D-Link DIR-615, and proceeded to set up the new one. After getting through the setup, enabling the wireless, and specifying which systems would obtain which IP address, I found that the router can only block 4 domains.

It’s situations like these where you realize there is a good solution for all of this, and it happens to start with Vyatta. I brought over a computer with a second network card installed, and ran through the main setup of the router. Now, for domain or URL filtering, my understanding is that there is no limit with Vyatta.

Run the commands below in configuration mode. The listen address is the address of the internal interface that connects the switch to the router.

set service webproxy listen-address 10.10.0.1
set service webproxy url-filtering squidguard local-block twitter.com
set service webproxy url-filtering squidguard local-block facebook.com
set service webproxy url-filtering squidguard local-block youtube.com
commit
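
An added example, not from the original post: a small POSIX shell helper that turns a plain list of domains (such as the roughly 30 this office needed) into the local-block commands shown above. The function names and the sample list are constructed for illustration; entries that do not reduce to a valid hostname are rejected, so nothing else can end up in the configuration you paste.

```shell
#!/bin/sh
# Added example: build Vyatta "local-block" commands from a domain list.
# Function names and SAMPLE_LIST are constructed for illustration.

LISTEN_ADDR="10.10.0.1"   # internal interface address used in the post

# Constructed sample input: one entry per line, '#' comments and blanks allowed.
SAMPLE_LIST='# social media
twitter.com
Facebook.com
https://youtube.com/watch
facebook.com
bad domain; commit
'

# Reduce one list entry to a bare lowercase hostname (scheme, port, path and
# trailing dot removed). Fails if the remainder is not a valid hostname.
normalize_domain() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's|^[a-z]*://||' -e 's|[/:].*$||' -e 's|\.$||')
    printf '%s\n' "$d" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$' || return 1
    printf '%s\n' "$d"
}

# Print the configuration-mode commands for every valid, unique domain.
# Rejected entries are reported on stderr and never reach the output.
generate_block_commands() {
    printf 'set service webproxy listen-address %s\n' "$LISTEN_ADDR"
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if dom=$(normalize_domain "$line"); then
            printf '%s\n' "$dom"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done | awk '!seen[$0]++ {
        print "set service webproxy url-filtering squidguard local-block " $0 }'
    printf 'commit\n'
}

generate_block_commands "$SAMPLE_LIST"
```

Review the generated lines, then paste them into a configuration-mode session on the router.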

There are also some extra cool features if you are looking for an added level of security. SquidGuard allows you to use blacklists with Squid, and the great thing about it is that it's totally free. One of those cool features is the ability to block adware and spyware without having to figure out what to block yourself. You can use the commands below to block by category using those lists. The category lists have to be downloaded first by running update webproxy blacklists in operational mode; otherwise the commit fails with an unknown block-category error.

set service webproxy listen-address 10.10.0.1
set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category gambling
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category porn
set service webproxy url-filtering squidguard block-category spyware
set service webproxy url-filtering squidguard block-category warez
commit

And with a few lines of commands, you can protect your network better.

5 Comments

  1. lorenze

    Hi, I'm just new to Vyatta and I was trying to configure the blocking by category using Squid. My problem is that when I try to commit after setting the following:
    set service webproxy listen-address x.x.x.x
    set service webproxy url-filtering squidguard block-category ads

    I got this error: warning no blocklist installed
    unknown block-category [ads] for policy default [default]

    How can I install the blocklist, and what should I do to clear this error?

    Thank you so much for any response it would surely help a lot.

    Thanks,

    Regards,

    Lorenze

  2. Jason

    Hello lorenze,
    You have to first install the blocklist before you can go ahead and set up the content filtering. The command is: update webproxy blacklists
    You have to first run that command so that Vyatta can install and update the blocklist beforehand. Let me know how it goes.

  3. Josue

    Late reply to this post, but I found it wandering around and I feel the need to be polite…

    You should run “update webproxy blacklists” so it can download the blacklists that you need. You do this at the first level of the CLI before entering config mode (the one that displays the “$” at the end, for example user@router:~$).

    You probably already figured this out but this is for other people that see this some other time :)

  4. GVL

    @ lorenze

    You need to update your squidguard blocklists:

    update webproxy blocklists

  5. alchikha

    Please, I use Vyatta web filtering.
    It seems to be good, but
    I need to let some bodies have full access and others limited access.
    I have Vyatta VC 5. edition.
    I found on the net that there is a command like sous-group that helps in my case, but it doesn't work. It seems that I need the Vyatta Plus edition.
    Is that right?
    And is there no way to install that option on my Vyatta VC system??
