Topic: How would you like retsina's rules to work

Ok, so most of us are aware of Squid and it's redirector squidguard.

I am in the process of writing a squidguard replacement called retsina. I'm posting here because my question is about its configuration and how it works - and what would be useful to Admin users.

Essentially, an excerpt for a retsina config file will look lie this:

times {
        prework 00:00 - 08:59        # Define before work hours
        work 09:00 - 17:30           # Define before work hours
        lunch 12:15 - 13:45          # Define lunch hours
        postwork 17:31 - 23:59       # Define after work hours
}

group foo {
        192.168.3.1
        192.168.3.2
}

rules foo in work {
        !pr0n !jobsearch !webmail
}

rules mentor in lunch {
        webmail
}

In this example, there are several timeslots defined for a day (prework, work, etc) and we have a group of IPs called "foo". We  then have the rules for the group foo for applicable timeslices.

Note how the "lunch" timeslot is within the "work" timeslot - 'nested' would be a better term. During the "work" hours, group "foo" is not allowed to surf pr0n (!pr0n bit in the rule).

My question is this: Should the rules be stacked, so that the "lunch" timeslot will not allow pr0n because it is within the "work" timeslot which disallows it?

Hope that makes sense. Reasons for your answers will be greatly appreciated.

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: How would you like retsina's rules to work

I'd say yes.

You can't enter directory 'bbb' if you dont have access to 'aaa' (/aaa/bbb)

Or, don't allow nested timeslots and make it possible to specify more then one timeslot per definition.

times {
        prework 00:00 - 08:59        # Define before work hours
        work 09:00 - 12:14              # Define morning work hours
        work 13:46 - 17:30              # Define afternoon work hours
        lunch 12:15 - 13:45             # Define lunch hours
        postwork 17:31 - 23:59      # Define after work hours
}

I know one could also do "morning" and "afternoon" instead of two "work" but then you would have to do rules for both of them.

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: How would you like retsina's rules to work

retsina ?
Dude..... this is a traditional Greek drink !
Is there a reason for naming it like this ? tongue

Guru for a day, newbie for a lifetime

Re: How would you like retsina's rules to work

spyretto wrote:

retsina ?
Dude..... this is a traditional Greek drink !
Is there a reason for naming it like this ? tongue

That's exactly why I chose it! Apparently it's often drunk with a meal of squid - get the link now?  wink

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: How would you like retsina's rules to work

Cool man !
You can even call it ouzo (another Greek drink) or mezedaki (small meal that accompanies alcohol, it can be squid)   !!
Any source code availiable ??

Guru for a day, newbie for a lifetime

Re: How would you like retsina's rules to work

spyretto wrote:

Cool man !
You can even call it ouzo (another Greek drink) or mezedaki (small meal that accompanies alcohol, it can be squid)   !!
Any source code availiable ??

big_smile

The project has a site: http://www.bsdnexus.com/retsina

And my src code is always available online:

http://www.bsdnexus.com/websvn/listing. … trunk_src_

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: How would you like retsina's rules to work

what did you decide wintellect ?

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: How would you like retsina's rules to work

I decided "yes" - so it's in there

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus