Skip to main content

Dansguardian on OpenBSD

So many people have written long and excellent examples of an internet application layer filtering solution.

However, what if you need a quick and simple internet filtering solution? Want to block out all the garbage for the younger generation?
Look no further than Dansguardian.
I’ll assume you love OpenBSD as well, and have the following in place:

Download the latest beta from and extract it, reading the install doco for good reference:
<br /> cd /tmp<br /> wget<br /> tar zxvf dansguardian-<br /> cd dansguardian-<br /> less INSTALL<br />
Once you have had a read of the install, configure and compile quickly for OpenBSD
<br /> ./configure \<br /> --mandir=/usr/local/man \<br /> --with-logdir=/var/log/dansguardian \<br /> --bindir=/usr/local/bin \<br /> --sysconfdir=/usr/local/etc<br /> mkdir /var/log/dansguardian<br /> make<br /> make install<br /> make clean<br />
This will provide you an installed copy of Dans with a default config set.
Now setup Dans to stop/start during init and shutdown
<br /> chmod +x /usr/local/share/dansguardian/scripts/bsd-init<br /> cat >> /etc/rc.local << EOF <a href="" class="tweet-hashtag">#</a> DansGuardian<br /> if [ -x /usr/local/sbin/dansguardian ]; then<br /> /usr/local/share/dansguardian/scripts/bsd-init start<br /> fi<br /> EOF<br /> cat >> /etc/rc.shutdown << EOF vi /etc/rc.shutdown <a href="" class="tweet-hashtag">#</a> DansGuardian<br /> if [ -x /usr/local/sbin/dansguardian ]; then<br /> /usr/local/share/dansguardian/scripts/bsd-init stop<br /> fi<br /> EOF<br />
Almost done. Setup PF to redirect all Web access through Dans, which will use squid.
In this example, hosts and will not use the filter, and all other hosts will. Change IPs to suit your needs.
<br /> cat >> /etc/pf.conf << EOF no rdr on $int_if from {, } to any rdr on $int_if inet proto { tcp, udp } from any to any port www -> port 8080<br /> EOF<br /> pfctl -f /etc/pf.conf<br />
Now lastly startup Dans for this session. You may learn how the flow works, and what to configure on the products site.
<br /> /usr/local/share/dansguardian/scripts/bsd-init start<br />
I hope that gives you an idea how easy this is to setup, now go and have a hack and see what you can do with squid and authentication! Chop Chop!