##1. Missed part of the squidguard configuration:
```
run update webproxy blacklists
set service webproxy listen-address 192.168.122.15 disable-transparent
set service webproxy listen-address 192.168.122.15 port '3128'
set service webproxy url-filtering squidguard default-action 'block'
set service webproxy url-filtering squidguard rule 1 block-category 'social_networks'
set service webproxy url-filtering squidguard rule 1 source-group social
set service webproxy url-filtering squidguard source-group social address '192.168.122.0/24'
```
Get configuration:
```
[email protected]# sudo cat /etc/squidguard/squidGuard.conf
### generated by service_webproxy.py ###
dbhome /opt/vyatta/etc/config/url-filtering/squidguard/db
logdir /var/log/squid
rewrite safesearch {
s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
log rewrite.log
}
acl {
default {
pass local-ok-default !in-addr none
redirect 302:http://block.vyos.net
}
}
```
Expected configuration:
```
vyos@r12-lts# sudo cat /etc/squidguard/squidGuard.conf
#
# autogenerated by vyatta-update-webproxy.pl
#
dbhome /opt/vyatta/etc/config/url-filtering/squidguard/db
logdir /var/log/squid
rewrite safesearch {
s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
log rewrite.log
}
src social-1 {
ip 192.168.122.0/24
}
dest local-ok-default {
domainlist local-ok-default/domains
}
dest local-ok-url-default {
urllist local-ok-url-default/urls
}
dest local-ok-1 {
domainlist local-ok-1/domains
}
dest local-ok-url-1 {
urllist local-ok-url-1/urls
}
dest social_networks-1 {
domainlist social_networks/domains
urllist social_networks/urls
}
acl {
social-1 {
pass local-ok-1 !in-addr !social_networks-1 all
}
default {
pass local-ok-default !in-addr none
redirect 302:http://block.vyos.net
}
}
```
##2. bug permission error
```
vyos@r1-roll# set service webproxy url-filtering squidguard rule 1 block-category 'social_networks'
ls: cannot access '/opt/vyatta/etc/config/url-filtering/squidguard/db//*': Permission denied
```
##3. Node address should be /multi
```
set service webproxy url-filtering squidguard source-group social address 192.0.2.0/24
set service webproxy url-filtering squidguard source-group social address 203.0.113.0/24
```
https://github.com/vyos/vyos-1x/blob/adca504a2c5cd60be46a741ab3aef83fa4dfe4cf/interface-definitions/service_webproxy.xml.in#L496-L517
There is no "source-group" in template
```
set service webproxy url-filtering squidguard source-group
```
https://github.com/vyos/vyos-1x/blob/current/data/templates/squid/squidGuard.conf.tmpl