[root@router]# more /etc/rc.d/rc.firewall
# rc.firewall: enable routing and masquerade two LAN hosts.

# Let the kernel forward IPv4 packets between interfaces.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward

# Reset of the built-in chain policies (left disabled by the author).
# NOTE(review): nothing in this script sets a chain policy or adds a FORWARD
# rule, and -F below does not touch policies, so what gets routed depends on
# the policy already in effect when the script runs.
#/sbin/iptables -P INPUT ACCEPT
#/sbin/iptables -P FORWARD ACCEPT
#/sbin/iptables -P OUTPUT ACCEPT

# Reset of the nat table policies (left disabled by the author).
#/sbin/iptables -t nat -P POSTROUTING ACCEPT
#/sbin/iptables -t nat -P PREROUTING ACCEPT
#/sbin/iptables -t nat -P OUTPUT ACCEPT

# Flush every rule in the filter and nat tables.
for table in filter nat; do
  /sbin/iptables -t "$table" -F
done

# Deletion of user-defined chains (left disabled by the author).
#/sbin/iptables -X
#/sbin/iptables -t nat -X

# Source-NAT the listed LAN hosts for any destination:
#   192.168.0.135 = Zul, 192.168.0.136 = Mirza
# NOTE(review): no -o interface is given, so the rule applies on whichever
# interface the packet leaves by; naming the outbound interface would limit
# masquerading to that link.
for lan_host in 192.168.0.135 192.168.0.136; do
  /sbin/iptables -t nat -A POSTROUTING -s "$lan_host" -d 0/0 -j MASQUERADE
done
17 June 2008
11 June 2008
SQUID ku
Fedora Core release 5 (Bordeaux)
Kernel 2.6.15-1.2054_FC5 on an i686
# Squid 2.5
# NOTE(review): directive names in this file (no_cache, cache_access_log,
# httpd_accel_*) are the Squid 2.5 spellings; later releases renamed or removed
# them, so re-check every access rule when this file is ported.

# Listening ports.
# NOTE(review): no address is given, so these ports are opened on every
# interface of the host; confirm the packet filter keeps them off any
# untrusted interface.
http_port 3128 80 8081
# ICP (inter-cache protocol) over UDP; who may query is set by icp_access.
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000
# URLs containing cgi-bin or a query string are fetched directly and not cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Cache sizing and replacement.
cache_mem 32 MB
cache_swap_low 80%
cache_swap_high 100%
maximum_object_size 1024 KB
#minimum_object_size 4 KB
#maximum_object_size_in_memory 8 KB
#ipcache_size 4096
#ipcache_low 90
#ipcache_high 95
#fqdncache_size 4096
cache_replacement_policy lru
memory_replacement_policy lru
# 6000 MB disk cache under /cache using the diskd storage scheme.
cache_dir diskd /cache 6000 14 256 Q1=64 Q2=72
# Logging: access.log in httpd (common log) format, store.log disabled.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
# NOTE(review): negative_ttl is set again further down (1 minutes);
# presumably the later line wins, so keep only one of the two.
negative_ttl 2 minutes
emulate_httpd_log on
log_ip_on_direct on
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
# A full /32 mask means client addresses are logged unmasked.
client_netmask 255.255.255.255
# ftp_user user@planta.com
ftp_passive on
# dns_retransmit_interval 5 seconds
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
redirect_rewrites_host_header on
# NOTE(review): 10 MB of request headers is far above what ordinary HTTP
# requests need (Squid's shipped default is measured in KB); a limit this
# large lets a single client make Squid buffer megabytes per request. Confirm
# it is intentional.
request_header_max_size 10 MB
request_body_max_size 10 MB
# NOTE(review): these auth_param lines set helper count, realm and TTL, but the
# listing has no "auth_param basic program" line and no proxy_auth ACL, so
# proxy authentication does not appear to be in use; access is decided by
# source IP address alone.
auth_param basic children 5
auth_param basic realm squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# Freshness rules: pattern, minimum age (minutes), percent, maximum age (minutes).
refresh_pattern \.(gif|jpg|jpeg)$ 600 80% 86400
refresh_pattern \.(xbm|xpm|ico|tiff)$ 600 80% 86400
refresh_pattern \.(au|snd|wav|ra|mid)$ 600 80% 86400
refresh_pattern \.(qt|mov|avi|mpeg)$ 600 80% 86400
refresh_pattern \.(iv|wrl|vrml)$ 600 80% 86400
# NOTE(review): "qz" looks like a typo for "gz"; confirm.
refresh_pattern \.(z|qz)$ 600 80% 86400
refresh_pattern \.(hqx|bin)$ 600 80% 86400
refresh_pattern \.(tar|zip)$ 600 80% 86400
refresh_pattern ^http:// 30 50% 86400
refresh_pattern ^ftp:// 30 50% 86400
refresh_pattern . 30 30% 43200
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
negative_ttl 1 minutes
range_offset_limit 0 KB
half_closed_clients off
shutdown_lifetime 30 seconds
#---------------------#
#BLOCKING WEBSITES
#---------------------#
# URL block list loaded from a file of regular expressions. This deny is the
# first http_access rule in the file, so it is checked before every allow below.
# NOTE(review): there is no -i here, so matching is case-sensitive
# (domainapprove below uses -i).
acl bad url_regex "/etc/squid/block.txt"
http_access deny bad
#--------------------#
# Additional ACLs
# NOTE(review): url_regex is matched against the whole URL. Unless the patterns
# in domain-approve.txt are anchored to the host part, an approved name that
# appears only in the path or query string would also match; dstdomain is the
# ACL type that compares the destination host alone.
acl domainapprove url_regex -i "/etc/squid/domain-approve.txt"
acl all src 0.0.0.0/0.0.0.0
# Cache-manager (cache_object) requests and the loopback addresses.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): 127.0.0.0/16 covers 127.0.0.0-127.0.255.255 only, while the
# loopback block is 127.0.0.0/8. to_localhost is used once, in the manager
# allow rule; no rule denies to_localhost for ordinary requests, so permitted
# clients can ask the proxy for services on the proxy host's own loopback.
acl to_localhost dst 127.0.0.0/16
# Client groups, one source address per line (lines with the same ACL name add
# up). Membership is by source IP only, so it is as trustworthy as address
# assignment on the LAN.
acl fullakses src 192.168.168.100/255.255.255.255
acl fullakses src 192.168.168.168/255.255.255.255
acl gpiadmin src 192.168.77.80/255.255.255.255
acl fullakses src 192.168.4.32/255.255.255.255 # GM
acl fullakses src 192.168.28.2/255.255.255.255 # Mgr Sales
acl fullakses src 192.168.28.9/255.255.255.255 # Ops
acl fullakses src 192.168.28.10/255.255.255.255 # Ops
acl limitedakses src 192.168.28.4/255.255.255.255 # Act
acl limitedakses src 192.168.28.13/255.255.255.255 # Sales
acl acctakses src 192.168.28.5/255.255.255.255 # Acc
acl acctakses src 192.168.28.7/255.255.255.255 # Acc
# ssl_ports is defined here but not referenced by any http_access rule in this
# listing (see the note after "deny !safe_ports").
acl ssl_ports port 443 563
# Destination ports the proxy will talk to.
# NOTE(review): the list includes Squid's own port 3128 and the whole
# 1025-65535 range, so "deny !safe_ports" filters out only low ports that are
# not named here.
acl safe_ports port 80
acl safe_ports port 8081
acl safe_ports port 21
acl safe_ports port 443 563
acl safe_ports port 70
acl safe_ports port 210
acl safe_ports port 3128
acl safe_ports port 1025-65535
acl safe_ports port 280
acl safe_ports port 488
acl safe_ports port 591
acl safe_ports port 777
# waktupagi = "morning hours".
acl waktupagi time 08:00-12:00
acl CONNECT method CONNECT
# Access rules, evaluated top to bottom; the first matching line decides.
# Cache manager: allowed only from 127.0.0.1 to a to_localhost address,
# denied for everything else.
http_access allow manager localhost to_localhost
http_access deny manager
http_access deny !safe_ports
# NOTE(review): there is no "http_access deny CONNECT !ssl_ports" at this point,
# the rule Squid's stock configuration places after the safe_ports check.
# Without it a permitted client can CONNECT to any port in safe_ports,
# 1025-65535 included, and the tunnel content is not visible to the proxy.
http_access allow fullakses
# limitedakses: approved URLs only.
http_access allow limitedakses domainapprove
http_access allow gpiadmin
# acctakses: approved URLs, and only during waktupagi (08:00-12:00).
http_access allow acctakses domainapprove waktupagi
#---------------------#
#BLOCKING WEBSITES
#---------------------#
# A second pattern file is added to the same ACL name, bad.
# NOTE(review): this "deny bad" sits after the allow rules, so on its own it
# would never apply to fullakses, limitedakses or gpiadmin clients; it
# presumably only has effect through the first "deny bad" at the top. Confirm
# with a test request that block.acl patterns are enforced for every group.
# The second "allow gpiadmin" repeats a rule that has already matched.
acl bad url_regex "/etc/squid/block.acl"
http_access deny bad
http_access allow gpiadmin
#--------------------#
# Additional rules
# (disabled) domainterlarang = "forbidden domains", boleh = "allowed"; neither
# ACL is defined in this listing.
#http_access deny domainterlarang !boleh
# Default: everything not allowed above is refused.
http_access deny all
# ICP queries are answered for fullakses addresses only.
icp_access allow fullakses
icp_access deny all
# 0 = no limit on reply body size.
reply_body_max_size 0 allow all
# Administrator address and host name; Squid prints both on its error pages.
cache_mgr agung@gpi-g.com
# Unprivileged account Squid switches to when it is started as root.
cache_effective_user squid
cache_effective_group squid
visible_hostname cache.palanta.com
# Squid 2.5 accelerator settings in the combination used for interception
# (transparent) proxying, presumably paired with a port-80 redirect rule that
# this listing does not show.
# NOTE(review): with httpd_accel_uses_host_header on, the request URL is rebuilt
# from the client's Host header, and Squid's documentation warns that the
# header is not verified. URL-based ACLs such as bad and domainapprove then
# act on a client-supplied value; confirm this is acceptable for the
# allow-list groups.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
query_icmp off
test_reachability off
buffered_logs on
# Turns client "reload" requests into If-Modified-Since revalidations.
reload_into_ims on
ie_refresh off
[root@router andar]#
Kernel 2.6.15-1.2054_FC5 on an i686
# Squid 2.5
# NOTE(review): directive names in this file (no_cache, cache_access_log,
# httpd_accel_*) are the Squid 2.5 spellings; later releases renamed or removed
# them, so re-check every access rule when this file is ported.

# Listening ports.
# NOTE(review): no address is given, so these ports are opened on every
# interface of the host; confirm the packet filter keeps them off any
# untrusted interface.
http_port 3128 80 8081
# ICP (inter-cache protocol) over UDP; who may query is set by icp_access.
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000
# URLs containing cgi-bin or a query string are fetched directly and not cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Cache sizing and replacement.
cache_mem 32 MB
cache_swap_low 80%
cache_swap_high 100%
maximum_object_size 1024 KB
#minimum_object_size 4 KB
#maximum_object_size_in_memory 8 KB
#ipcache_size 4096
#ipcache_low 90
#ipcache_high 95
#fqdncache_size 4096
cache_replacement_policy lru
memory_replacement_policy lru
# 6000 MB disk cache under /cache using the diskd storage scheme.
cache_dir diskd /cache 6000 14 256 Q1=64 Q2=72
# Logging: access.log in httpd (common log) format, store.log disabled.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
# NOTE(review): negative_ttl is set again further down (1 minutes);
# presumably the later line wins, so keep only one of the two.
negative_ttl 2 minutes
emulate_httpd_log on
log_ip_on_direct on
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
# A full /32 mask means client addresses are logged unmasked.
client_netmask 255.255.255.255
# ftp_user user@planta.com
ftp_passive on
# dns_retransmit_interval 5 seconds
dns_retransmit_interval 5 seconds
dns_timeout 5 minutes
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
redirect_rewrites_host_header on
# NOTE(review): 10 MB of request headers is far above what ordinary HTTP
# requests need (Squid's shipped default is measured in KB); a limit this
# large lets a single client make Squid buffer megabytes per request. Confirm
# it is intentional.
request_header_max_size 10 MB
request_body_max_size 10 MB
# NOTE(review): these auth_param lines set helper count, realm and TTL, but the
# listing has no "auth_param basic program" line and no proxy_auth ACL, so
# proxy authentication does not appear to be in use; access is decided by
# source IP address alone.
auth_param basic children 5
auth_param basic realm squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# Freshness rules: pattern, minimum age (minutes), percent, maximum age (minutes).
refresh_pattern \.(gif|jpg|jpeg)$ 600 80% 86400
refresh_pattern \.(xbm|xpm|ico|tiff)$ 600 80% 86400
refresh_pattern \.(au|snd|wav|ra|mid)$ 600 80% 86400
refresh_pattern \.(qt|mov|avi|mpeg)$ 600 80% 86400
refresh_pattern \.(iv|wrl|vrml)$ 600 80% 86400
# NOTE(review): "qz" looks like a typo for "gz"; confirm.
refresh_pattern \.(z|qz)$ 600 80% 86400
refresh_pattern \.(hqx|bin)$ 600 80% 86400
refresh_pattern \.(tar|zip)$ 600 80% 86400
refresh_pattern ^http:// 30 50% 86400
refresh_pattern ^ftp:// 30 50% 86400
refresh_pattern . 30 30% 43200
quick_abort_min 128 KB
quick_abort_max 4096 KB
quick_abort_pct 75
negative_ttl 1 minutes
range_offset_limit 0 KB
half_closed_clients off
shutdown_lifetime 30 seconds
#---------------------#
#BLOCKING WEBSITES
#---------------------#
# URL block list loaded from a file of regular expressions. This deny is the
# first http_access rule in the file, so it is checked before every allow below.
# NOTE(review): there is no -i here, so matching is case-sensitive
# (domainapprove below uses -i).
acl bad url_regex "/etc/squid/block.txt"
http_access deny bad
#--------------------#
# Additional ACLs
# NOTE(review): url_regex is matched against the whole URL. Unless the patterns
# in domain-approve.txt are anchored to the host part, an approved name that
# appears only in the path or query string would also match; dstdomain is the
# ACL type that compares the destination host alone.
acl domainapprove url_regex -i "/etc/squid/domain-approve.txt"
acl all src 0.0.0.0/0.0.0.0
# Cache-manager (cache_object) requests and the loopback addresses.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): 127.0.0.0/16 covers 127.0.0.0-127.0.255.255 only, while the
# loopback block is 127.0.0.0/8. to_localhost is used once, in the manager
# allow rule; no rule denies to_localhost for ordinary requests, so permitted
# clients can ask the proxy for services on the proxy host's own loopback.
acl to_localhost dst 127.0.0.0/16
# Client groups, one source address per line (lines with the same ACL name add
# up). Membership is by source IP only, so it is as trustworthy as address
# assignment on the LAN.
acl fullakses src 192.168.168.100/255.255.255.255
acl fullakses src 192.168.168.168/255.255.255.255
acl gpiadmin src 192.168.77.80/255.255.255.255
acl fullakses src 192.168.4.32/255.255.255.255 # GM
acl fullakses src 192.168.28.2/255.255.255.255 # Mgr Sales
acl fullakses src 192.168.28.9/255.255.255.255 # Ops
acl fullakses src 192.168.28.10/255.255.255.255 # Ops
acl limitedakses src 192.168.28.4/255.255.255.255 # Act
acl limitedakses src 192.168.28.13/255.255.255.255 # Sales
acl acctakses src 192.168.28.5/255.255.255.255 # Acc
acl acctakses src 192.168.28.7/255.255.255.255 # Acc
# ssl_ports is defined here but not referenced by any http_access rule in this
# listing (see the note after "deny !safe_ports").
acl ssl_ports port 443 563
# Destination ports the proxy will talk to.
# NOTE(review): the list includes Squid's own port 3128 and the whole
# 1025-65535 range, so "deny !safe_ports" filters out only low ports that are
# not named here.
acl safe_ports port 80
acl safe_ports port 8081
acl safe_ports port 21
acl safe_ports port 443 563
acl safe_ports port 70
acl safe_ports port 210
acl safe_ports port 3128
acl safe_ports port 1025-65535
acl safe_ports port 280
acl safe_ports port 488
acl safe_ports port 591
acl safe_ports port 777
# waktupagi = "morning hours".
acl waktupagi time 08:00-12:00
acl CONNECT method CONNECT
# Access rules, evaluated top to bottom; the first matching line decides.
# Cache manager: allowed only from 127.0.0.1 to a to_localhost address,
# denied for everything else.
http_access allow manager localhost to_localhost
http_access deny manager
http_access deny !safe_ports
# NOTE(review): there is no "http_access deny CONNECT !ssl_ports" at this point,
# the rule Squid's stock configuration places after the safe_ports check.
# Without it a permitted client can CONNECT to any port in safe_ports,
# 1025-65535 included, and the tunnel content is not visible to the proxy.
http_access allow fullakses
# limitedakses: approved URLs only.
http_access allow limitedakses domainapprove
http_access allow gpiadmin
# acctakses: approved URLs, and only during waktupagi (08:00-12:00).
http_access allow acctakses domainapprove waktupagi
#---------------------#
#BLOCKING WEBSITES
#---------------------#
# A second pattern file is added to the same ACL name, bad.
# NOTE(review): this "deny bad" sits after the allow rules, so on its own it
# would never apply to fullakses, limitedakses or gpiadmin clients; it
# presumably only has effect through the first "deny bad" at the top. Confirm
# with a test request that block.acl patterns are enforced for every group.
# The second "allow gpiadmin" repeats a rule that has already matched.
acl bad url_regex "/etc/squid/block.acl"
http_access deny bad
http_access allow gpiadmin
#--------------------#
# Additional rules
# (disabled) domainterlarang = "forbidden domains", boleh = "allowed"; neither
# ACL is defined in this listing.
#http_access deny domainterlarang !boleh
# Default: everything not allowed above is refused.
http_access deny all
# ICP queries are answered for fullakses addresses only.
icp_access allow fullakses
icp_access deny all
# 0 = no limit on reply body size.
reply_body_max_size 0 allow all
# Administrator address and host name; Squid prints both on its error pages.
cache_mgr agung@gpi-g.com
# Unprivileged account Squid switches to when it is started as root.
cache_effective_user squid
cache_effective_group squid
visible_hostname cache.palanta.com
# Squid 2.5 accelerator settings in the combination used for interception
# (transparent) proxying, presumably paired with a port-80 redirect rule that
# this listing does not show.
# NOTE(review): with httpd_accel_uses_host_header on, the request URL is rebuilt
# from the client's Host header, and Squid's documentation warns that the
# header is not verified. URL-based ACLs such as bad and domainapprove then
# act on a client-supplied value; confirm this is acceptable for the
# allow-list groups.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
query_icmp off
test_reachability off
buffered_logs on
# Turns client "reload" requests into If-Modified-Since revalidations.
reload_into_ims on
ie_refresh off
[root@router andar]#