aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 23:49:01 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2014-04-01 23:49:01 -0300
commitf57d04e10aca00827a329ea49097a47ba94c2a39 (patch)
tree4d6ce8764ed08ab4443210d58dee6331a946683d /config
parent492dcb92e3bf90b35dd42da0fc23ac175688132d (diff)
downloadpfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.tar.gz
pfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.tar.bz2
pfsense-packages-f57d04e10aca00827a329ea49097a47ba94c2a39.zip
squid3-dev - add option to enable and disable ICMP pinger helper
Thanks to bellera
Diffstat (limited to 'config')
-rwxr-xr-xconfig/squid3/33/squid.inc14
-rw-r--r--config/squid3/33/squid.xml6
2 files changed, 18 insertions, 2 deletions
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index c0daa512..75806a00 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -943,6 +943,8 @@ function squid_resync_general() {
}
$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
+ $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on';
+ $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger";
$conf .= <<< EOD
icp_port {$icp_port}
@@ -957,6 +959,9 @@ cache_mgr {$email}
access_log {$logdir_access}
cache_log {$logdir_cache}
cache_store_log none
+netdb_filename {$logdir}/netdb.state
+pinger_enable {$pinger_helper}
+pinger_program {$pinger_program}
{$interception_checks}
EOD;
@@ -1661,10 +1666,10 @@ function squid_resync_auth() {
}
// SSL interception acl options part 2
- if ($settingsconfig['ssl_proxy'] == "on"){
+ /*if ($settingsconfig['ssl_proxy'] == "on"){
$conf .= "always_direct allow all\n";
$conf .= "ssl_bump server-first all\n";
- }
+ }*/
// Include squidguard denied acl log in squid
if ($settingsconfig['log_sqd'])
@@ -1742,6 +1747,11 @@ EOD;
// Custom User Options after authentication definition
$conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n";
+ // SSL interception acl options part 2
+ if ($settingsconfig['ssl_proxy'] == "on"){
+ $conf .= "always_direct allow all\n";
+ $conf .= "ssl_bump server-first all\n";
+ }
// Onto the ACLs
$password = array('localnet', 'allowed_subnets');
$passwordless = array('unrestricted_hosts');
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index 1cbf2338..bf740221 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -301,6 +301,12 @@
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Disable ICMP</fielddescr>
+ <fieldname>disable_pinger</fieldname>
+ <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr>
<fieldname>dns_nameservers</fieldname>
<description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description>