julianderson
(usa Debian)
Enviado em 14/10/2011 - 18:27h
Olá, amigos do VOL. Gostaria de saber como faço para deixar a minha rede na seguinte situação:
Eu já tenho um servidor Linux Debian Squeeze rodando com firewall, Squid e SARG. A minha questão é se há a possibilidade de, quando algum cliente colocar seu notebook ou computador na rede, o mesmo não navegar na internet, ou seja, algum serviço bloqueando esta máquina (firewall ou Squid). Agradeço a ajuda de todos.
segue o meu squid.conf
#-----------------------------------------------#
# <<_Squid3 default port_>> #
#-----------------------------------------------#
# "transparent" makes this an interception listener: clients are not
# configured to use the proxy, the firewall redirects their traffic here.
# Proxy authentication cannot be used on an intercepting port, so client
# identification rests on src/arp ACLs and on the firewall.
# NOTE(review): only traffic the firewall actually redirects to 3128 is
# subject to the ACLs in this file; anything it forwards directly is
# controlled by the firewall rules alone (not shown) - confirm both agree.
http_port 3128 transparent
# ----------------------------------------------#
# <<_Server name for transparent squid_>> #
visible_hostname pole
# ----------------------------------------------#
# DEFAULT SETTINGS #
#-----------------------------------------------#
# Port 0 disables ICP (no cache peers are queried or answered).
icp_port 0
# NOTE(review): the stock form is "hierarchy_stoplist cgi-bin ?" (two
# tokens); here the single token "cgi-bin?" is configured - confirm intent.
hierarchy_stoplist cgi-bin?
# Dynamic URLs (cgi-bin or containing "?") are never cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 128 MB
# On-disk cache: 3000 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid3 3000 16 256
maximum_object_size 4000 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 64 KB
# NOTE(review): cache_access_log is the older name of access_log; both
# directives in this file point at the same access.log, so one of them is
# presumably redundant - verify against the installed Squid version.
cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_swap_log /var/spool/squid3/swap.log
ipcache_size 1024
ipcache_low 90
ipcache_high 95
# NOTE(review): "squid" is also the name of Squid's built-in native log
# format. This definition differs from the documented native format: there
# is a space in "%Ss /%03>Hs" and "$<A" where "%<A" is expected. The access
# log is the audit trail (and presumably what SARG reads), so confirm the
# resulting lines still parse before relying on them.
logformat squid %ts.%3tu %tr %>a %Ss /%03>Hs %<st %rm %ru %un %Sh/$<A %mt
access_log /var/log/squid3/access.log
cache_swap_low 90
cache_swap_high 95
# Resolvers used by Squid instead of the ones in /etc/resolv.conf.
dns_nameservers 8.8.8.8 8.8.4.4
coredump_dir /var/spool/squid3
# Freshness rules: <min minutes> <percent> <max minutes>. "ignore-reload"
# makes Squid disregard a client's reload / no-cache request for these types.
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
ie_refresh on
half_closed_clients off
# Keeps the Squid version out of HTTP headers and generated error pages.
httpd_suppress_version_string on
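# --------------------------------------------- #
# << Start of the default Squid3 ACLs >> #
# --------------------------------------------- #
# Every address of the local /24. Any machine plugged into this network
# matches this ACL, whether or not it appears in one of the group files.
acl redelocal src 192.168.0.0/24
# Cache-manager requests (cache_object:// scheme).
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Ports to which CONNECT tunnels may be opened. The name keeps its original
# spelling ("SSl_ports") so existing references to it continue to resolve.
acl SSl_ports port 443 563 # https, snews
# Ports the proxy is allowed to connect to on behalf of clients.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
# Was "443 56": snews is port 563 (as in SSl_ports above), so 56 looks like
# a truncated 563.
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1028-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 407 # msn
# Port 25 is deliberately NOT a safe port: a proxy willing to connect to
# SMTP can be used to relay mail from the proxy's own address. Mail clients
# do not go through an HTTP proxy, so nothing legitimate depends on it.
#acl Safe_ports port 25 # smtp
# NOTE(review): POP3 is not an HTTP service either; confirm whether this
# entry is needed at all.
acl Safe_ports port 110 # pop
acl purge method PURGE
acl CONNECT method CONNECT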
# ----------------------------------------------------- #
# << ACL policies
# BLOCKED SITES >> #
# NOTE(review): url_regex is matched against the whole URL string, so an
# entry can match in the path or query string as well as in the host name.
# For lists that are meant to name hosts, dstdomain is the stricter ACL
# type; this matters most for the allow lists below.
acl sitesbloqueados url_regex -i "/etc/squid3/personalizadosq3/sites.deny"
# << ALLOWED SITES ACLs >> #
acl sitesliberados url_regex -i "/etc/squid3/personalizadosq3/sites.allow"
# << BLOCKED WORDS ACLs >> #
acl palavrasbloqueadas url_regex -i "/etc/squid3/personalizadosq3/palavras.deny"
# << DOWNLOAD BLOCKING ACLs >> #
#acl downloadsbloqueados url_regex -i "/etc/squid3/personalizadosq3/downloads.deny"
# << ALLOWED DOWNLOADS ACLs >> #
acl downloadsliberados url_regex -i "/etc/squid3/personalizadosq3/downloads.allow"
# ----------------------------------------------------- #
# << ACLs for access groups >> #
# ----------------------------------------------------- #
# Each file lists the source addresses belonging to the group.
# NOTE(review): a source IP is chosen by the client machine, so group
# membership by "src" alone only holds if addresses are pinned elsewhere
# (e.g. static DHCP leases plus firewall rules). Squid also offers the
# "arp" ACL type for matching MAC addresses on the local segment, if the
# installed build supports it - verify.
acl diretoria src "/etc/squid3/personalizadosq3/ip.diretoria"
acl gerencial src "/etc/squid3/personalizadosq3/ip.gerencial"
acl funcionarios src "/etc/squid3/personalizadosq3/ip.funcionarios"
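# --------------------------------------------------------------------- #
# << Access policy by group >> #
# http_access lines are evaluated top to bottom; the first match decides. #
# --------------------------------------------------------------------- #
# Baseline protections come first so that no later "allow" can bypass them.
# Previously they sat below "allow redelocal" and the group rules, so they
# never applied to any client that one of those rules had already admitted.
# Cache manager and PURGE are accepted from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse destinations outside Safe_ports, and CONNECT tunnels to anything
# but the TLS ports. The ACL name is spelled as it is defined in this file
# ("acl SSl_ports").
http_access deny !Safe_ports
http_access deny CONNECT !SSl_ports
# ----------------------------------------------------------------------#
# NOTE(review): the next two rules carry no source condition, so they admit
# any client that can reach the proxy, including machines in no group.
# Confirm that is intended for the allow lists.
http_access allow sitesliberados
http_access allow downloadsliberados
# Directors and managers are unrestricted; staff are subject to the site
# and word block lists.
http_access allow diretoria
http_access allow gerencial
http_access allow funcionarios !sitesbloqueados !palavrasbloqueadas
http_access deny sitesbloqueados
http_access deny palavrasbloqueadas
#http_access deny downloadsbloqueados
# ----------------------------------------------------------------------#
# This rule admits every address in 192.168.0.0/24, which is why a notebook
# newly connected to the network can browse. To refuse machines that are
# not listed in ip.diretoria / ip.gerencial / ip.funcionarios, remove this
# line so their requests fall through to "deny all" below. Traffic that the
# firewall forwards without redirecting it to Squid has to be dropped in
# the firewall as well.
http_access allow redelocal
# Explicit default. Without a final rule Squid applies the opposite of the
# last http_access line; the list used to end in a "deny", which made the
# implicit default "allow".
http_access deny all
# ----------------------------------------------------------------------#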
# When started as root, Squid switches to this unprivileged user and group
# for normal operation.
cache_effective_user proxy
cache_effective_group proxy
# Error pages shown to clients are taken from the Portuguese templates.
error_directory /usr/share/squid3/errors/Portuguese
# ----------------------------------------------------------------------#