From b3a54c520195f3cab1109cb90de8179e4dff433f Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb
Date: Sun, 29 Nov 2009 19:45:19 +0100
Subject: add bridging firewall stuff - tested with a transparent squid proxy - fix some minor other stuff - not completely ready
---
 package/squid/files/squid.conf | 39 ++++++++++++++------------------------
 package/squid/files/squid.init | 37 ++++++++++++++++++++++++++++++++++++
 package/squid/files/squid.postinst | 6 ++++++
 3 files changed, 57 insertions(+), 25 deletions(-)
 create mode 100644 package/squid/files/squid.init
 create mode 100644 package/squid/files/squid.postinst
(limited to 'package/squid/files')
diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf
index 86ffa60c7..9e6571192 100644
--- a/package/squid/files/squid.conf
+++ b/package/squid/files/squid.conf
@@ -1,27 +1,16 @@
 visible_hostname linux
+# for transparent proxy use following
+# http_port 3128 transparent
 http_port 3128
-# acl
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
-acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-acl SSL_ports port 443
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 # https
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl CONNECT method CONNECT
-http_access allow manager localhost
-http_access deny manager
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localnet
-http_access deny all
+pid_filename /var/run/squid.pid
+# logging
+access_log syslog
+cache_store_log none
+cache_log /var/log/squid-cache.log
+# security
+cache_effective_user squid
+cache_effective_group squid
+# cache dir
+cache_dir ufs /var/squid/cache 10M 16 256
+# allow all
+http_access allow all
diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init
new file mode 100644
index 000000000..5fd8e4c13
--- /dev/null
+++ b/package/squid/files/squid.init
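Review bot: `http_access allow all` at the end of the package/squid/files/squid.conf hunk makes the packaged default an open proxy, so every client that can reach port 3128 may relay through it. The same hunk drops `http_access deny !Safe_ports`, `http_access deny CONNECT !SSL_ports` and `http_access deny manager`, so CONNECT tunnels to arbitrary ports and cache-manager requests are no longer refused. Since the commit message says the change is not completely ready, I would keep the removed acl definitions and end the rule list with `http_access allow localnet` followed by `http_access deny all`, leaving `allow all` only as a commented-out test option.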
@@ -0,0 +1,37 @@
+#!/bin/sh
+#PKG squid
+#INIT 70
+
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${squid:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ if [ ! -f /var/log/squid-cache.log ];then
+ touch /var/log/squid-cache.log
+ chown squid:squid /var/log/squid-cache.log
+ fi
+ if [ ! -d /var/squid/cache ];then
+ mkdir -p /var/squid/cache
+ chown squid:squid /var/squid/cache
+ squid -z
+ fi
+ squid
+ ;;
+stop)
+ squid -k kill
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+
+*)
+ echo "usage: $0 {start | stop | restart}"
+ exit 1
+esac
+exit $?
diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst
new file mode 100644
index 000000000..6a08126c9
--- /dev/null
+++ b/package/squid/files/squid.postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+gid=$(get_next_gid)
+add_user squid $(get_next_uid) $gid /var/squid/cache
+add_group squid $gid
+add_rcconf squid squid NO
--
cgit v1.2.3
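Review bot: The `stop)` branch of package/squid/files/squid.init runs `squid -k kill`, which terminates the daemon at once instead of letting it finish client connections and write out its cache index; `squid -k shutdown` is the graceful form. With that change `restart)` would need to wait for the old process to exit before it calls start. Separately, `$0` and `$1` are unquoted in `case $1 in`, `exec sh $0 start` and the two restart lines; `case "$1" in` and `sh "$0" start` keep the script working when it is invoked through a path that contains spaces.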
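Review bot: package/squid/files/squid.postinst allocates a fresh uid and gid on every run and shows no check for an existing squid account. The helpers `add_user`, `add_group` and `get_next_uid` live in functions.sh, outside this diff, so unless they skip existing entries a reinstall could add a duplicate entry or change the ids under files that squid.init has already chowned to squid. A guard such as `grep -q '^squid:' "$IPKG_INSTROOT/etc/passwd" || add_user squid "$(get_next_uid)" "$gid" /var/squid/cache` would make the script safe to rerun. The source line is also better quoted, as `. "$IPKG_INSTROOT/etc/functions.sh"`.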