add macro for proxy
parent
0f93e8e75e
commit
f87bbe5442
19
minifirewall
19
minifirewall
|
@ -85,6 +85,9 @@ SSHOK=''
|
|||
SMTPOK=''
|
||||
SMTPSECUREOK=''
|
||||
NTPOK=''
|
||||
PROXY=''
|
||||
PROXYBYPASS=''
|
||||
PROXYPORT=''
|
||||
BACKUPSERVERS=''
|
||||
|
||||
legacy_config_file="/etc/firewall.rc"
|
||||
|
@ -101,6 +104,9 @@ is_ipv6_enabled() {
|
|||
is_docker_enabled() {
|
||||
test "${DOCKER}" = "on"
|
||||
}
|
||||
is_proxy_enabled() {
|
||||
test "${PROXY}" = "on"
|
||||
}
|
||||
chain_exists() {
|
||||
chain_name="$1"
|
||||
if [ $# -ge 2 ]; then
|
||||
|
@ -406,6 +412,19 @@ start() {
|
|||
${IPT} -A OUTPUT -o ${INT} -p udp -d ${src} --dport 123 --match state --state NEW -j ACCEPT
|
||||
done
|
||||
|
||||
# Proxy (Squid)
|
||||
if is_proxy_enabled; then
|
||||
${IPT} -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
|
||||
if [ -n "${INTLAN}" ]; then
|
||||
${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "${INTLAN}" -j ACCEPT
|
||||
fi
|
||||
${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "127.0.0.0/8" -j ACCEPT
|
||||
for dstip in ${PROXYBYPASS}; do
|
||||
${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "${dstip}" -j ACCEPT
|
||||
done
|
||||
${IPT} -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port "${PROXYPORT:-'8888'}"
|
||||
fi
|
||||
|
||||
# Output for backup servers
|
||||
for server in ${BACKUPSERVERS}; do
|
||||
server_ip=$(echo "${server}" | cut -d ':' -f1)
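Review bot: In the REDIRECT rule that closes the proxy block, `"${PROXYPORT:-'8888'}"` puts single quotes inside a double-quoted expansion, where they are literal characters. An empty PROXYPORT (the default set at the top of the script) therefore expands to `'8888'` including the quotes, which iptables will most likely reject as a port. The ACCEPT exemptions above it are added first and nothing in the hunk checks a return code, so port-80 traffic would then leave directly instead of through Squid, with only iptables' stderr as a hint. Write it as `--to-port "${PROXYPORT:-8888}"`. The enclosing start() begins and ends outside this hunk, so any later check for failed rules is not visible here.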
|
||||
|
|
|
@ -77,6 +77,12 @@ SMTPSECUREOK=''
|
|||
# NTP authorizations
|
||||
NTPOK='0.0.0.0/0'
|
||||
|
||||
# Proxy (Squid)
|
||||
PROXY='off'
|
||||
# (destinations that bypass the proxy. ${INTLAN} and '127.0.0.0/8' are always added to the list)
|
||||
PROXYBYPASS=''
|
||||
# (proxy port, default if missing: '8888')
|
||||
PROXYPORT=''
|
||||
|
||||
# Backup servers
|
||||
# (add IP:PORT for each one, example: '192.168.10.1:1234 192.168.10.2:5678')
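Review bot: The comment above `PROXYBYPASS=''` does not say how several destinations are written, whereas the backup-server entry below it gives an example. The script side appears to split the value on whitespace and add one rule per word, so a line such as `# (space-separated IPs or CIDR ranges, constructed example: '192.0.2.10 198.51.100.0/24')` would make the expected format explicit. It is also worth stating under `# Proxy (Squid)` that only outbound TCP port 80 is redirected, to a local port, so an administrator knows what `PROXY='on'` does and does not cover.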
|
||||
|
|