
Fwd: [iptables-br] Iptables and squid on the same machine



Good morning, list!


My squid was working without any problem
when I decided to improve my security by typing the
following command line:

iptables -A INPUT -p tcp -s 192.168.0.0/255.255.255.0 -j ACCEPT

I wanted to tell the firewall that it could accept
only packets from my internal IP range, but then
my squid stopped.

Can I rely on squid alone?

Here is my squid.conf
==================================================================
http_port 3128
visible_hostname srvlinux

# CACHE CONFIGURATION
cache_mem 32 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256

# LOCATION OF THE SQUID ACCESS LOG
cache_access_log /var/log/squid/access.log

refresh_pattern  ^ftp:        15   2%  2280
refresh_pattern  ^gopher:     15   0%  2280
refresh_pattern  .            15  20%  2280

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80         # http
acl Safe_ports port 21         # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70         # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 901        # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# ALLOW FULL ACCESS DURING A GIVEN TIME WINDOW
acl horariofree time 00:00-01:00
http_access allow horariofree

# FILTERS BY WORDS AND BY DOMAINS
acl proibidos dstdom_regex "/etc/squid/proibidos"
http_access deny proibidos

# example of blocks (filters)
acl bloqueados dstdomain www.playboy.com.br playboy.com.br playboy.com www.playboy.com
http_access deny bloqueados

# ALLOW ACCESS FOR THE LOCAL NETWORK
acl redelocal src 192.168.0.0/24
http_access allow localhost
http_access allow redelocal

# BLOCK EXTERNAL ACCESS
http_access deny all




	



	
		
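Added example, not part of the original post: a small first-match model of the http_access lines in the squid.conf above, useful for checking which line decides a request when asking how far squid alone restricts clients. Squid stops at the first http_access line whose ACLs all match, so between 00:00 and 01:00 `http_access allow horariofree` is reached before any source ACL. The request fields, the sample addresses and the omission of the manager, purge, proibidos and bloqueados lines are assumptions of this sketch.

```python
import ipaddress
from datetime import time

LAN = ipaddress.ip_network("192.168.0.0/24")    # acl redelocal
SSL_PORTS = {443, 563}                           # acl SSL_ports

def safe_port(p):                                # acl Safe_ports (underscore lines only)
    return p in {80, 21, 443, 563, 70, 210} or 1025 <= p <= 65535

# Each ACL is a predicate over a request dict (constructed model, not Squid code).
ACLS = {
    "Safe_ports":  lambda r: safe_port(r["port"]),
    "SSL_ports":   lambda r: r["port"] in SSL_PORTS,
    "CONNECT":     lambda r: r["method"] == "CONNECT",
    "horariofree": lambda r: time(0, 0) <= r["when"] <= time(1, 0),
    "localhost":   lambda r: r["src"] == ipaddress.ip_address("127.0.0.1"),
    "redelocal":   lambda r: r["src"] in LAN,
    "all":         lambda r: True,
}

# http_access lines in the order they appear in the posted file.
RULES = [
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["horariofree"]),
    ("allow", ["localhost"]),
    ("allow", ["redelocal"]),
    ("deny",  ["all"]),
]

def matches(term, req):
    # A leading "!" negates the ACL, as in squid.conf.
    return ACLS[term.lstrip("!")](req) != term.startswith("!")

def decide(src, port, method, when):
    """Return (action, rule_text) for the first http_access line that matches."""
    req = {"src": ipaddress.ip_address(src), "port": port,
           "method": method, "when": when}
    for action, terms in RULES:
        if all(matches(t, req) for t in terms):   # ACLs on one line are ANDed
            return action, "http_access %s %s" % (action, " ".join(terms))
    return "deny", "(no rule matched)"            # unreachable: "deny all" always matches

if __name__ == "__main__":
    # Constructed requests: a LAN client, and a non-LAN client at two times of day.
    for src, when in [("192.168.0.10", time(14, 0)),
                      ("203.0.113.7", time(14, 0)),
                      ("203.0.113.7", time(0, 30))]:
        print(src, when, decide(src, 80, "GET", when))
```

Moving the `horariofree` line below the source checks, or combining it with `redelocal` on one line, changes the third result; the model lets that be checked before editing the live file.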


