Enviado em 17/02/2014 - 20:16h
Olá Amigos recentemente eu implementei o Dansguargian e o Squid3(com a ajuda do VOL) na empresa onde eu trabalho e tive resultado bem positivo, porem em alguns momentos a rede da uma parada repentina e volta depois de um tempo.

# DansGuardian main configuration, as posted (line breaks restored).
# Traffic path implied by this page: LAN client -> DansGuardian (filterport)
# -> Squid (proxyip:proxyport) -> Internet.

# Reporting: how a blocked request is presented to the user
reportinglevel = 3

# Language of the block pages
languagedir = '/etc/dansguardian/languages'
language = 'ptbrazilian'

# Logging
# loglevel 3 logs every request; logfileformat 3 writes Squid-style lines.
# With forwardedfor = off (further down) this log is the only place where the
# real client address of a request is recorded, so retain and rotate it.
loglevel = 3
logexceptionhits = 2
logfileformat = 3
loglocation = '/var/log/dansguardian/access.log'

# Network Settings
# NOTE(review): an empty filterip makes DansGuardian listen on every address of
# the host, the Internet-facing interface included. Squid's "http_access allow
# localhost" then accepts whatever DansGuardian forwards, so anyone who can
# reach filterport from outside can use the proxy. The firewall script on this
# page flushes INPUT and sets no DROP policy, so nothing visible here prevents
# that. Bind to the LAN-side address (<LAN_INTERFACE_IP>, placeholder) or drop
# port 8080 on the external interface.
filterip =
filterport = 8080
# Parent proxy (Squid on the same host)
proxyip = 127.0.0.1
proxyport = 3128
nonstandarddelimiter = on

# Blocked images: replace banned images with a custom file
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'

# Filter groups options
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'

# Authentication files location
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'

# Weighted phrases
showweightedfound = on
weightedphrasemode = 2

# Positive (clean) result caching for URLs
urlcachenumber = 1000
# Age before they are stale and should be ignored in seconds
urlcacheage = 900
# Clean cache for content (AV) scan results
scancleancache = on

# Smart, Raw and Meta/Title phrase content filtering options
phrasefiltermode = 2
# Lower casing options / 0 = force lower case (default)
preservecase = 0
# Hex decoding options
hexdecodecontent = off
# Force Quick Search rather than DFA search algorithm
forcequicksearch = off

# Reverse lookups for banned site and URLs.
reverseaddresslookups = off
# Reverse lookups for banned and exception IP lists.
reverseclientiplookups = off
# Perform reverse lookups on client IPs for successful requests.
logclienthostnames = off

# Build bannedsitelist and bannedurllist cache files.
createlistcachefiles = on

# POST protection (web upload and forms)
# -1 disables upload size blocking entirely.
maxuploadsize = -1

# Max content filter size
maxcontentfiltersize = 256
# Max content ram cache scan size
maxcontentramcachescansize = 2000
# Max content file cache scan size
maxcontentfilecachescansize = 20000

# File cache dir
# NOTE(review): /tmp is world-writable and shared with every local user; a
# directory owned by the DansGuardian user would keep downloaded content and
# the IPC sockets below out of reach of other local accounts.
filecachedir = '/tmp'
# Delete file cache after user completes download
deletedownloadedtempfiles = on

# Initial Trickle delay
initialtrickledelay = 20
# Trickle delay
trickledelay = 10

# Download Managers (both are loaded, in this order)
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'

# Content scanner timeout
contentscannertimeout = 60
# Content scan exceptions
contentscanexceptions = off

# Auth plugins
# NOTE(review): proxy-basic depends on the browser sending proxy credentials,
# which it presumably will not do for port-80 traffic redirected by iptables;
# with filtergroups = 1 the result does not change the policy either - confirm
# both plugins are actually needed.
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
authplugin = '/etc/dansguardian/authplugins/ip.conf'

# Re-check replaced URLs
recheckreplacedurls = off

# Misc settings
# forwardedfor = off: no X-Forwarded-For header is added, so Squid sees every
# request as coming from proxyip's peer (127.0.0.1). Squid's access.log and its
# src-based ACLs therefore cannot tell clients apart.
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on

# Fork pool options
# NOTE(review): maxchildren caps the number of simultaneous connections. Once
# all 120 children are busy, new connections wait until one frees up, which
# would look like the intermittent stalls described in the post - check the
# DansGuardian/syslog output at the time of a stall before raising the value.
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
# Number of connections a child serves before it is replaced
maxagechildren = 500

# Sets the maximum number client IP addresses allowed to connect at once.
# 0 means no limit.
maxips = 0

# IPC filename
ipcfilename = '/tmp/.dguardianipc'
# URL list IPC filename
urlipcfilename = '/tmp/.dguardianurlipc'
# IP list IPC filename
ipipcfilename = '/tmp/.dguardianipipc'

# Daemon mode (the original "PID filename" label does not describe this key):
# off = detach and run as a daemon
nodaemon = off
# Disable logging process
nologger = off
# Enable logging of "ADs" category blocks
logadblocks = on
# Enable logging of client User-Agent
loguseragent = off
# Soft restart
softrestart = off
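# Squid 3 configuration, as posted (line breaks restored).
# Changes against the posted text, both explained where they occur:
#   1. "dns-nameservers" replaced by Squid's own "dns_nameservers" directive.
#   2. The catch-all "refresh_pattern ." moved to the end of the list.

# ---- Source and manager ACLs ----
acl manager proto cache_object
acl redelocal src 192.168.0.0/24
acl localhost src 127.0.0.1/32

# ---- DNS ----
# "dns-nameservers" is the Debian network-interfaces spelling and is not a
# Squid directive, so the resolvers were never applied by Squid.
dns_nameservers 8.8.8.8 8.8.4.4

# ---- Port ACLs ----
# SSL_ports limits where CONNECT tunnels may go; Safe_ports limits every
# request. NOTE(review): 563 and 873 widen the CONNECT surface beyond HTTPS -
# keep them only if something on the LAN needs them.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5000 # VPN

# ---- Method ACLs ----
acl CONNECT method CONNECT
acl purge method PURGE

# Allow/deny URL lists, disabled by the author
#acl permitido url_regex -i "/etc/squid3/permitido.txt"
#acl restrito url_regex -i "/etc/squid3/restrito.txt"

# ---- Access rules (first match wins) ----
# NOTE(review): DansGuardian forwards every client request from 127.0.0.1 and
# is configured on this page with forwardedfor = off, so "localhost" here means
# "any client behind DansGuardian", not "the administrator on this box".
# Cache-manager and PURGE requests that DansGuardian passes through would be
# allowed by the next rules. If neither is used, remove the two "allow" lines;
# otherwise protect the manager with cachemgr_passwd.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Disabled together with the URL lists above
#http_access allow permitido
#http_access deny restrito

http_access allow redelocal
http_access allow localhost

http_access deny all

# ---- Listening port ----
# NOTE(review): no address is given, so Squid listens on every interface, and
# "http_access allow redelocal" lets LAN clients use it directly, skipping the
# content filter. The firewall script on this page redirects LAN traffic for
# 3128 to DansGuardian, but binding to 127.0.0.1 would remove the dependency on
# that rule. Whether "intercept" is appropriate for a port that only receives
# loopback connections from DansGuardian depends on the Squid version - check
# cache.log for NAT lookup errors.
http_port 3128 intercept

# ---- Memory cache ----
# NOTE(review): cache_mem only sizes the in-memory object cache; the Squid
# process uses more than this. If the host does not have RAM to spare, swapping
# could contribute to the stalls described in the post - confirm with the
# host's memory statistics.
cache_mem 2000 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap GDSF

# ---- Disk cache ----
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid3 40048 16 256
maximum_object_size 4 GB
minimum_object_size 0 KB
cache_swap_low 93
cache_swap_high 97

# ---- Logs and paths ----
# Every request logged here shows 127.0.0.1 as the client (see the access-rule
# note); per-client attribution has to come from the DansGuardian log.
access_log /var/log/squid3/access.log squid
cache_store_log none
mime_table /usr/share/squid3/mime.conf
cache_log /var/log/squid3/cache.log
coredump_dir /var/spool/squid3

# ---- Freshness rules ----
# refresh_pattern lines are tried top to bottom and the first matching regex
# decides. In the posted file the catch-all "." came right after the
# Release/Packages rule, so none of the extension or Windows Update rules below
# it could ever match; it now closes the list.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
# NOTE(review): override-expire makes Squid ignore the origin's expiry for up
# to 260000 minutes (about 180 days). For executables and packages fetched over
# plain HTTP that means clients can keep receiving an outdated copy long after
# the vendor replaced it; consider dropping override-expire on the
# deb/rpm/exe/zip rule or shortening its minimum age.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ 260000 90% 260009 override-expire
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000 90% 260009 override-expire
refresh_pattern -i \.index.(html|htm)$ 1440 90% 40320
refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 40320
# Cache Windows Update downloads.
# NOTE(review): .exe URLs on these hosts already match the generic
# deb/rpm/exe rule above, so only cab/dll/msi reach these lines.
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern msgruser.dlservice.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
# Catch-all: must stay last
refresh_pattern . 0 20% 4320

# ---- Identity and miscellaneous ----
# cache_mgr and visible_hostname are printed on Squid's error pages.
cache_mgr ti_01@canadense.com.br
visible_hostname Debianserver
detect_broken_pconn on
global_internal_static on
error_directory /usr/share/squid3/errors/Portuguese
memory_pools on
memory_pools_limit 32 MB
pipeline_prefetch on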
#! /bin/bash iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -t nat -F iptables -t mangle -F modprobe ip_tables modprobe iptable_nat modprobe ipt_string echo "1" > /proc/sys/net/ipv4/ip_forward #iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP #iptables -I OUTPUT -m string --algo bm --string "facebook.com" -j DROP #iptables -I FORWARD -m string --algo bm --string "login.live.com" -j DROP #iptables -I OUTPUT -m string --algo bm --string "login.live.com" -j DROP #iptables -I FORWARD -m string --algo bm --string "twitter.com" -j DROP #iptables -I OUTPUT -m string --algo bm --string "twitter.com" -j DROP iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 8080 #iptables -A INPUT -p tcp --dport 3128 -i eth2 -j ACCEPT #Proxy #iptables -A INPUT -p tcp --dport 80 -i eth2 -j ACCEPT #HTTP #iptables -A INPUT -p tcp --dport 21 -i eth2 -j ACCEPT #FTP #iptables -A INPUT -p tcp --dport 53 -i eth2 -j ACCEPT #DNS #iptables -A INPUT -p udp --dport 53 -i eth2 -j ACCEPT #DNS #iptables -A INPUT -p tcp --dport 25 -i eth2 -j ACCEPT #SMTP #iptables -A INPUT -p tcp --dport 110 -i eth2 -j ACCEPT #SSL #iptables -A INPUT -p udp --dport 110 -i eth2 -j ACCEPT #SSL #iptables -A INPUT -p tcp --dport 80 -i eth2 -j ACCEPT #SSL ##iptables -A INPUT -p udp --dport 80 -i eth2 -j ACCEPT #SSL #iptables -A INPUT -p tcp --dport 443 -i eth2 -j ACCEPT #SSL #iptables -A INPUT -p udp --dport 443 -i eth2 -j ACCEPT #SSL #(tentativa de corrigir o Dansguardian) iptables -t nat -A PREROUTING -p tcp -m multiport -s 192.168.0.0/24 --dport 3128 -j REDIRECT --to-ports 8080 #iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128 #iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 80 -j REDIRECT --to-port 3128 #iptables -t nat -A PREROUTING -p tcp -m multiport -s 192.168.0.0/24 --dport 3128 -j REDIRECT --to-ports 8080 iptables -A INPUT -i eth2 -p tcp 
--dport 8080 -j ACCEPT #iptables -A INPUT -p tcp --dport 10000 -j ACCEPT iptables -A INPUT -p tcp --dport 4363 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/24 -j ACCEPT iptables -A INPUT -d 192.168.0.0/24 -j ACCEPT #iptables -t filter -A FORWARD -p tcp --dport 8443 -j ACCEPT #iptables -t filter -A FORWARD -p tcp --dport 443 -j ACCEPT