add bridging firewall stuff

- tested with a transparent squid proxy
- fix some minor other stuff
- not completely ready

4 files changed, 60 insertions, 25 deletions

diff --git a/package/squid/Makefile b/package/squid/Makefile
index 9395c65c8..cfc35061c 100644
--- a/package/squid/Makefile
+++ b/package/squid/Makefile
@@ -146,6 +146,9 @@ post-configure:
 	${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \
 	    ${WRKBUILD}/libtool
 endif
+post-configure:
+	${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \
+		${WRKBUILD}/libtool
 
 post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m}
 	${INSTALL_DIR} ${IDIR_SQUID}/etc/squid
diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf
index 86ffa60c7..9e6571192 100644
--- a/package/squid/files/squid.conf
+++ b/package/squid/files/squid.conf
@@ -1,27 +1,16 @@
 visible_hostname linux
+# for transparent proxy use following
+# http_port 3128 transparent
 http_port 3128
-# acl
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
-acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
-acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
-acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
-acl SSL_ports port 443
-acl Safe_ports port 80		# http
-acl Safe_ports port 21		# ftp
-acl Safe_ports port 443		# https
-acl Safe_ports port 70		# gopher
-acl Safe_ports port 210		# wais
-acl Safe_ports port 1025-65535	# unregistered ports
-acl Safe_ports port 280		# http-mgmt
-acl Safe_ports port 488		# gss-http
-acl Safe_ports port 591		# filemaker
-acl Safe_ports port 777		# multiling http
-acl CONNECT method CONNECT
-http_access allow manager localhost
-http_access deny manager
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localnet
-http_access deny all
+pid_filename /var/run/squid.pid
+# logging
+access_log syslog
+cache_store_log none
+cache_log /var/log/squid-cache.log
+# security
+cache_effective_user squid
+cache_effective_group squid
+# cache dir
+cache_dir ufs /var/squid/cache 10M 16 256
+# allow all
+http_access allow all
diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init
new file mode 100644
index 000000000..5fd8e4c13
--- /dev/null
+++ b/package/squid/files/squid.init
@@ -0,0 +1,37 @@
+#!/bin/sh
+#PKG squid
+#INIT 70
+
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+	test x"${squid:-NO}" = x"NO" && exit 0
+	exec sh $0 start
+	;;
+start)
+	if [ ! -f /var/log/squid-cache.log ];then
+		touch /var/log/squid-cache.log
+		chown squid:squid /var/log/squid-cache.log
+	fi
+	if [ ! -d /var/squid/cache ];then
+		mkdir -p /var/squid/cache
+		chown squid:squid /var/squid/cache
+		squid -z 
+	fi
+	squid
+	;;
+stop)
+	squid -k kill
+	;;
+restart)
+	sh $0 stop
+	sh $0 start
+	;;
+
+*)
+	echo "usage: $0 {start | stop | restart}"
+	exit 1
+esac
+exit $?
diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst
new file mode 100644
index 000000000..6a08126c9
--- /dev/null
+++ b/package/squid/files/squid.postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+gid=$(get_next_gid)
+add_user squid $(get_next_uid) $gid /var/squid/cache
+add_group squid $gid
+add_rcconf squid squid NO