forum.lissyara.su

Код: Выделить всё

 ext_if="em0"
 int_if="em1"
 proxy_port="3128"
 proxy_if="127.0.0.1"

 int_net="10.0.0.0/24"
 ext_ip="192.168.99.122"

 web_ports="{ 80, 8080, 9080 }"

 scrub in all

 #NAT
 nat on $ext_if from !($ext_if) -> ($ext_if:0)
 rdr pass on $int_if proto tcp to port 80 -> 10.0.0.2 port 3128
 #SSHGUARD
 table <sshguard> persist
 block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh brutforce"

 #PERMIT SSH IN
 pass in quick on $ext_if proto tcp from any to any port 22 keep state


 #PERMIT VPN
 pass in quick on $ext_if proto tcp from any to any port 1723 keep state

 #PERMIT ALL OUT
 pass out quick on $ext_if from $int_net to any keep state
 pass out quick on $ext_if from $ext_ip to any keep state

 #BLOCK ALL IN
 block in log quick on $ext_if from any to any

Код: Выделить всё

 http_port 10.0.0.2:3128
 tcp_outgoing_address 192.168.99.122

 cache_mem 64 MB
 maximum_object_size 4096 KB
 minimum_object_size 0 KB
 logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt

 access_log /var/log/access.log squid
 cache_log /var/log/cache.log
 cache_effective_user squid
 cache_effective_group squid
 visible_hostname FreeBSD

 error_directory /usr/local/etc/squid/errors/ru

 acl localnet src 10.0.0.0/24 # RFC 4291 link-local (directly plugged) machines

 acl SSL_ports port 443
 acl Safe_ports port 80 # http
 acl Safe_ports port 21 # ftp
 acl Safe_ports port 443 # https
 acl Safe_ports port 70 # gopher
 acl Safe_ports port 210 # wais
 acl Safe_ports port 1025-65535 # unregistered ports
 acl Safe_ports port 280 # http-mgmt
 acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
 acl CONNECT method CONNECT

 http_access allow localhost manager
 http_access deny manager

 http_access allow localnet
 http_access allow localhost

 http_access deny all

Код: Выделить всё

own     pf      root:squid
perm    pf      0640