Index syndication
comment syndication

Dansguardian on OpenBSD


So many people have written long and excellent examples of an internet application layer filtering solution.

However, what if you need a quick and simple internet filtering solution? Want to block out all the garbage for the younger generation?
Look no further than Dansguardian.
I’ll assume you love OpenBSD as well, and have the following in place:

Download the latest beta from and extract it, reading the install doco for good reference:

cd /tmp
tar zxvf dansguardian-
cd dansguardian-

Once you have had a read of the install, configure and compile quickly for OpenBSD

./configure \
--mandir=/usr/local/man \
--with-logdir=/var/log/dansguardian \
--bindir=/usr/local/bin \
mkdir /var/log/dansguardian
make install
make clean

This will provide you an installed copy of Dans with a default config set.
Now setup Dans to stop/start during init and shutdown

chmod +x /usr/local/share/dansguardian/scripts/bsd-init
cat >> /etc/rc.local << EOF # DansGuardian
if [ -x /usr/local/sbin/dansguardian ]; then
/usr/local/share/dansguardian/scripts/bsd-init start
cat >> /etc/rc.shutdown << EOF vi /etc/rc.shutdown # DansGuardian
if [ -x /usr/local/sbin/dansguardian ]; then
/usr/local/share/dansguardian/scripts/bsd-init stop

Almost done. Setup PF to redirect all Web access through Dans, which will use squid.
In this example, hosts and will not use the filter, and all other hosts will. Change IPs to suit your needs.

cat >> /etc/pf.conf << EOF no rdr on $int_if from {, } to any rdr on $int_if inet proto { tcp, udp } from any to any port www -> port 8080
pfctl -f /etc/pf.conf

Now lastly startup Dans for this session. You may learn how the flow works, and what to configure on the products site.

/usr/local/share/dansguardian/scripts/bsd-init start

I hope that gives you an idea how easy this is to setup, now go and have a hack and see what you can do with squid and authentication! Chop Chop!