diff options
author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2014-04-01 23:49:01 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2014-04-01 23:49:01 -0300 |
commit | f57d04e10aca00827a329ea49097a47ba94c2a39 (patch) | |
tree | 4d6ce8764ed08ab4443210d58dee6331a946683d | |
parent | 492dcb92e3bf90b35dd42da0fc23ac175688132d (diff) | |
download | pfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.tar.gz pfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.tar.bz2 pfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.zip |
squid3-dev - add option to enable and disable ICMP pinger helper
Thanks to bellera
-rwxr-xr-x | config/squid3/33/squid.inc | 14 | ||||
-rw-r--r-- | config/squid3/33/squid.xml | 6 |
2 files changed, 18 insertions, 2 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index c0daa512..75806a00 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -943,6 +943,8 @@ function squid_resync_general() { } $logdir_cache = $logdir . '/cache.log'; $logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null'); + $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on'; + $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger"; $conf .= <<< EOD icp_port {$icp_port} @@ -957,6 +959,9 @@ cache_mgr {$email} access_log {$logdir_access} cache_log {$logdir_cache} cache_store_log none +netdb_filename {$logdir}/netdb.state +pinger_enable {$pinger_helper} +pinger_program {$pinger_program} {$interception_checks} EOD; @@ -1661,10 +1666,10 @@ function squid_resync_auth() { } // SSL interception acl options part 2 - if ($settingsconfig['ssl_proxy'] == "on"){ + /*if ($settingsconfig['ssl_proxy'] == "on"){ $conf .= "always_direct allow all\n"; $conf .= "ssl_bump server-first all\n"; - } + }*/ // Include squidguard denied acl log in squid if ($settingsconfig['log_sqd']) @@ -1742,6 +1747,11 @@ EOD; // Custom User Options after authentication definition $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n"; + // SSL interception acl options part 2 + if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + } // Onto the ACLs $password = array('localnet', 'allowed_subnets'); $passwordless = array('unrestricted_hosts'); diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index 1cbf2338..bf740221 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -301,6 +301,12 @@ <type>checkbox</type> </field> <field> + <fielddescr>Disable ICMP</fielddescr> + <fieldname>disable_pinger</fieldname> + <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr> <fieldname>dns_nameservers</fieldname> <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description> |