Finish up squid.conf. Thanks to bkw for generqating the squid.conf

1 files changed, 20 insertions, 5 deletions

diff --git a/packages/squid.xml b/packages/squid.xml
index 6a5bebda..36ae5cc9 100644
--- a/packages/squid.xml
+++ b/packages/squid.xml
@@ -9,12 +9,27 @@
 	<custom_php_install_command>
 	    echo "&lt;pre&gt;";
 	    system("/bin/mkdir /usr/local/etc/squid");
+	    $lancfg = $config['interfaces']['lan'];
+	    $lanif = $lancfg['if'];
+	    $lanip = $lancfg['ipaddr'];
+	    $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+	    $lansn = $lancfg['subnet'];
+	    $netmask = "";
 	    $fout = fopen("/usr/local/etc/squid/squid.conf","w");
-	    fwrite($fout, "http_port 127.0.0.1:3128\n");
-	    fwrite($fout, "http_access deny to_localhost\n");
-	    fwrite($fout, "acl our_networks src 10.0.0.0/8\n");
-	    fwrite($fout, "http_access allow our_networks\n");
-	    fwrite($fout, "visible_hostname insomnia.benzedrine.cx\n");
+	    fwrite($fout, "# cat squid.conf\n");
+	    fwrite($fout, "http_port 3128\n");
+	    fwrite($fout, "icp_port 0\n");
+	    fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+	    fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+	    fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+	    fwrite($fout, "acl Safe_ports port 80 443 210 119 70 21 1025-65535\n");
+	    fwrite($fout, "acl CONNECT method CONNECT\n");
+	    fwrite($fout, "http_access allow localnet\n");
+	    fwrite($fout, "http_access allow localhost\n");
+	    fwrite($fout, "http_access deny !Safe_ports\n");
+	    fwrite($fout, "http_access deny CONNECT\n");
+	    fwrite($fout, "http_access deny all\n");
+	    fwrite($fout, "visible_hostname pfSense\n");
 	    fwrite($fout, "httpd_accel_host virtual\n");
 	    fwrite($fout, "httpd_accel_port 80\n");
 	    fwrite($fout, "httpd_accel_with_proxy on\n");