add macro for proxy

2021-05-26 13:20:12 +02:00 · 2021-05-26 13:20:12 +02:00 · f87bbe5442
parent 0f93e8e75e
commit f87bbe5442
2 changed files with 25 additions and 0 deletions
--- a/19
+++ b/19
@ -85,6 +85,9 @@ SSHOK=''
 SMTPOK=''
 SMTPSECUREOK=''
 NTPOK=''
+PROXY=''
+PROXYBYPASS=''
+PROXYPORT=''
 BACKUPSERVERS=''

 legacy_config_file="/etc/firewall.rc"
@ -101,6 +104,9 @@ is_ipv6_enabled() {
 is_docker_enabled() {
    test "${DOCKER}" = "on"
 }
+is_proxy_enabled() {
+    test "${PROXY}" = "on"
+}
 chain_exists() {
    chain_name="$1"
    if [ $# -ge 2 ]; then
@ -406,6 +412,19 @@ start() {
        ${IPT} -A OUTPUT -o ${INT} -p udp -d ${src} --dport 123 --match state --state NEW -j ACCEPT
    done

+    # Proxy (Squid)
+    if is_proxy_enabled; then
+        ${IPT} -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
+        if [ -n "${INTLAN}" ]; then
+            ${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "${INTLAN}" -j ACCEPT
+        fi
+        ${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "127.0.0.0/8" -j ACCEPT
+        for dstip in ${PROXYBYPASS}; do
+            ${IPT} -t nat -A OUTPUT -p tcp --dport 80 -d "${dstip}" -j ACCEPT
+        done
+        ${IPT} -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port "${PROXYPORT:-'8888'}"
+    fi
+
    # Output for backup servers
    for server in ${BACKUPSERVERS}; do
        server_ip=$(echo "${server}" | cut -d ':' -f1)
--- a/minifirewall.conf
+++ b/minifirewall.conf
@ -77,6 +77,12 @@ SMTPSECUREOK=''
 # NTP authorizations
 NTPOK='0.0.0.0/0'

+# Proxy (Squid)
+PROXY='off'
+# (destinations that bypass the proxy. ${INTLAN} and '127.0.0.0/8' are always added to the list)
+PROXYBYPASS=''
+# (proxy port, default if missing: '8888')
+PROXYPORT=''

 # Backup servers
 # (add IP:PORT for each one, example: '192.168.10.1:1234 192.168.10.2:5678')