analistalinux
(usa Conectiva)
Enviado em 03/11/2007 - 14:31h
Caros colegas,
Utilizo a distro ipcop como firewall e servidor DHCP, realmente e muito bom!!!, porem estou com uma duvida de como fazer para bloquear todo o trafego e liberar apenas as paginas que sao necessarias somente para trabalho. Configurei da seguinte forma, criei uma acl e um arquivo chamado block.txt onde estao as paginas a serem bloqueadas, porem eu quero fazer o seguinte, bloquear todo o trafego e criar um arquivo txt onde irei liberar apenas as paginas que realmente sao neessarias.Como ja tenho um arquivo txt na sei se existe um comando onde posso inserir para bloquear o trafedo ou tenho que criar uma acl, ou alterar algo no squid.conf , enfim, nao sei como fazer isso e peco a ajuda de vcs!!!
Segue abaixo o squid.conf
desde ja agradeco
analistalinux@hotmail.com
#################################################
shutdown_lifetime 5 seconds
icp_port 0
http_port 192.168.1.1:3128 transparent
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_effective_user squid
cache_effective_group squid
pid_filename /var/run/squid.pid
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_mime_hdrs off
forwarded_for off
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
# restart squid using the web interface. Changes made to the 'acl' file
# will propagate to the 'squid.conf' file at that time.
# [Scott Tregear, 22 Feb 2005]
# Uncomment the following line to enable logging of User-Agent header:
#useragent_log /var/log/squid/user_agent.log
# Uncomment the following line to enable logging of Referer header:
#referer_log /var/log/squid/referer.log
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)
acl IPCop_http port 81
acl IPCop_https port 445
acl IPCop_ips dst 192.168.1.1
acl IPCop_networks src 192.168.1.0/255.255.255.192
acl CONNECT method CONNECT
#################################################
acl blockedsites url_regex -i "/var/ipcop/proxy/block.txt"
acl unblockedsites url_regex -i "/var/ipcop/proxy/unblock.txt"
http_access deny blockedsites !unblockedsites
#################################################
##Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Finally allow IPCop_networks clients
http_access allow IPCop_networks
http_access deny all
maximum_object_size 4096 KB
minimum_object_size 0 KB
cache_mem 2000 KB
cache_dir aufs /var/log/cache 50 16 256
request_body_max_size 0 KB
reply_body_max_size 0 allow all
visible_hostname Firewall