diff options
author | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
commit | b3a54c520195f3cab1109cb90de8179e4dff433f (patch) | |
tree | 6728c4cdb14fd18a6b7c040c7d395a2d5603fc74 /package/squid | |
parent | 81b38e16646cc758202b51b5174da63e2e09646a (diff) |
add bridging firewall stuff
- tested with a transparent squid proxy
- fix some minor other stuff
- not completely ready
Diffstat (limited to 'package/squid')
-rw-r--r-- | package/squid/Makefile | 3 | ||||
-rw-r--r-- | package/squid/files/squid.conf | 39 | ||||
-rw-r--r-- | package/squid/files/squid.init | 37 | ||||
-rw-r--r-- | package/squid/files/squid.postinst | 6 |
4 files changed, 60 insertions, 25 deletions
diff --git a/package/squid/Makefile b/package/squid/Makefile index 9395c65c8..cfc35061c 100644 --- a/package/squid/Makefile +++ b/package/squid/Makefile @@ -146,6 +146,9 @@ post-configure: ${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \ ${WRKBUILD}/libtool endif +post-configure: + ${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \ + ${WRKBUILD}/libtool post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m} ${INSTALL_DIR} ${IDIR_SQUID}/etc/squid diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf index 86ffa60c7..9e6571192 100644 --- a/package/squid/files/squid.conf +++ b/package/squid/files/squid.conf @@ -1,27 +1,16 @@ visible_hostname linux +# for transparent proxy use following +# http_port 3128 transparent http_port 3128 -# acl -acl manager proto cache_object -acl localhost src 127.0.0.1/32 -acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT -http_access allow manager localhost -http_access deny manager -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow localnet -http_access deny all +pid_filename /var/run/squid.pid +# logging +access_log syslog +cache_store_log none +cache_log /var/log/squid-cache.log +# security +cache_effective_user squid +cache_effective_group squid +# cache dir +cache_dir ufs /var/squid/cache 10M 16 256 +# allow all +http_access allow all diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init new file mode 100644 index 000000000..5fd8e4c13 --- /dev/null +++ b/package/squid/files/squid.init @@ -0,0 +1,37 @@ +#!/bin/sh +#PKG squid +#INIT 70 + +. /etc/rc.conf + +case $1 in +autostop) ;; +autostart) + test x"${squid:-NO}" = x"NO" && exit 0 + exec sh $0 start + ;; +start) + if [ ! -f /var/log/squid-cache.log ];then + touch /var/log/squid-cache.log + chown squid:squid /var/log/squid-cache.log + fi + if [ ! -d /var/squid/cache ];then + mkdir -p /var/squid/cache + chown squid:squid /var/squid/cache + squid -z + fi + squid + ;; +stop) + squid -k kill + ;; +restart) + sh $0 stop + sh $0 start + ;; + +*) + echo "usage: $0 {start | stop | restart}" + exit 1 +esac +exit $? diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst new file mode 100644 index 000000000..6a08126c9 --- /dev/null +++ b/package/squid/files/squid.postinst @@ -0,0 +1,6 @@ +#!/bin/sh +. $IPKG_INSTROOT/etc/functions.sh +gid=$(get_next_gid) +add_user squid $(get_next_uid) $gid /var/squid/cache +add_group squid $gid +add_rcconf squid squid NO |