Internal Details

You don't need to read any of this to use Cop+. This page is for linux admins or developers who want to know how Cop+ works, or who want to make modifications.

Dansguardian was compiled from source in an IPCop 1.4.21 development environment. The lfs file with switches used to compile dansguardian is here.

The copplusaddon-xxx.tgz tar file contains the /var/ipcop/copplus folder.
Inside that folder is an assortment of needed files and a tar archive containing most of what is needed. The installer program is a bash script called copplussetup, it can be run anytime, repeatedly. It in turn calls 1stboot.pl which is a perl script to finish some of the configuration tasks.

Summary of changes made to ipcop

Overview of how it works

In transparent mode, Dansguardian only gets involved with port 80 web traffic. If you turn off the transparent setting, you need to manually configure all your web browsers to use port 8080 on IPCop as their web Proxy. In this case, port 443 secure (https) web traffic is also policed. All other ports used by mail, ftp, bittorrent, skype etc. are not affected.

In transparent mode
Cop+ adds some rules in the /etc/rc.d/rc.firewall.local file which block any traffic going out to port 80 on the internet from your network. However, squid (the "web proxy" on IPCop) is still allowed to go out. So web browsing is broken, unless you go through squid.
The /usr/local/bin/restartsquid program starts up the squid web proxy whenever IPCop boots or when you hit the save button on the web Proxy GUI page. restartsquid normally loads an iptables rule to intercept anything headed out to port 80 on the internet and redirect it to squid on port 800 (or whatever port you set squid to.) The Cop+ modified restartsquid program instead loads a rule that intercepts port 80 traffic and directs it to dansguardian which is listening on port 8080.
Dansguardian is started at boot time by a line in /etc/rc.d/rc.local, which is the linux equivalent of autoexec.bat on a windows machine.
Dansguardian then is essentially doing a man-in-the-middle attack and pretending to be the web server (i.e. www.yahoo.com or others). Dansguardian either returns a web page that says "Blocked," or it asks squid to fetch the page originally requested and hands it over to your web browser.
If either Dansguardian or squid fail to start or hang up while running, web browsing will stop working on your network, but other things like email will continue to work.

In non-transparent mode
Mostly things work the same as above. Now both port 80 and port 443 are blocked from going out. There are no rules loaded to redirect requests headed to the internet to dansguardian. You must inform your web browsers to use a proxy server on IPCop's Green IP number, port 8080. If you don't you'll get "server not responding" or some such message when you try to web browse.
One advantage of non-transparent mode is you get a little control over https traffic. On port 443 (https) dansguardian is doing a pass-through of an encrypted tunnel, so it can't really see what the contents of the web pages are, but it can still block connections to web servers that are in the blacklists.
The main advantage of a non-transparent proxy is your proxy server can require a username and password before allowing people out.
The GUI Pages
The GUI is a series of perl cgi scripts which reside in /home/httpd/cgi-scripts/dansguardian/
They allow you to edit the multiple danguardian config files, which are all just text files, which reside in /etc/dansguardian and /etc/dansguardian/lists. There isn't really anything special about the dansguardian config on IPCop. If you want to you can go in and manually edit the config files with vi or WinSCP and create more groups or get really wild with the configuration. The magic that makes ip numbers appear in the squid logs is:
In dansguardian.conf:

forwardedfor = on
In /var/ipcop/proxy/acl (which is used to build squid.conf):
acl dansguardian src __GREEN_IP__ __BLUE_IP__
follow_x_forwarded_for allow dansguardian