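#!/usr/bin/env bash
#
# Gateway firewall/NAT setup: resets the filter, nat and mangle tables, then
# installs ACCEPT rules, one DNAT port-forward, two REDIRECT rules towards
# local ports 3128/3129 and masquerading on the PPP uplink.
#
# NOTE(review): every default policy below is ACCEPT and the DROP policies are
# commented out, so none of the ACCEPT rules restricts anything; as written,
# the host accepts and forwards all traffic, including traffic arriving on
# ppp+.

export IPT="iptables"

# WAN 1
# WAN and WAN_IP are exported but not referenced by any rule in this script;
# the rules match the uplink with the wildcard "ppp+" instead.
export WAN=ppp0
export WAN_IP=ххх.ххх.ххх.ххх

# Local
# LAN1_IP_RANGE is exported but not referenced by any rule in this script.
export LAN1=br0
export LAN1_IP_RANGE=192.168.88.0/24

# Flush rules: empty all chains and delete user-defined chains in the filter,
# nat and mangle tables, then reset the filter policies to ACCEPT.
"$IPT" -F
"$IPT" -X
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t mangle -F
"$IPT" -t mangle -X
"$IPT" -P INPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -P OUTPUT ACCEPT

# Deny all
# Left disabled by the author. Enabling these is what would make the ACCEPT
# rules below meaningful; doing so also needs a rule for established/related
# traffic, which this script does not contain.
#$IPT -P INPUT DROP
#$IPT -P OUTPUT DROP
#$IPT -P FORWARD DROP

# Allow local: loopback and the LAN bridge, in both directions.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A INPUT -i "$LAN1" -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT
"$IPT" -A OUTPUT -o "$LAN1" -j ACCEPT

# Allow ping
"$IPT" -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Port-forward TCP 3030 to 192.168.88.241:3389.
# NOTE(review): the rule has no -i, -d or -s match, so it applies to TCP/3030
# on every interface and from every source address, including LAN clients
# connecting to port 3030 of unrelated remote hosts. Port 3389 is normally
# RDP; if this is meant for remote administration, consider limiting it to the
# uplink interface and a known source range (-s <trusted-source-range>), or
# reaching the host over a VPN instead.
"$IPT" -t nat -I PREROUTING 1 -p tcp --dport 3030 -j DNAT --to-destination 192.168.88.241:3389

# Accept everything to and from any PPP interface.
# NOTE(review): on INPUT this admits all unsolicited traffic from the uplink
# to the gateway itself, not only replies.
"$IPT" -A INPUT -i ppp+ -j ACCEPT
"$IPT" -A OUTPUT -o ppp+ -j ACCEPT

# Flush FORWARD again and forward everything in every direction.
# NOTE(review): with this rule the gateway does no filtering of forwarded
# traffic; only NAT decides what reaches the LAN.
"$IPT" -F FORWARD
"$IPT" -A FORWARD -j ACCEPT

# Redirect LAN web traffic to local ports 3128 (from port 80) and 3129 (from
# port 443).
# NOTE(review): presumably these are the Squid listeners; confirm the proxy
# ports are configured for intercepted (redirected) traffic rather than as
# plain forward-proxy ports.
"$IPT" -t nat -A PREROUTING -i "$LAN1" -p tcp --dport 80 -j REDIRECT --to-ports 3128
"$IPT" -t nat -A PREROUTING -i "$LAN1" -p tcp --dport 443 -j REDIRECT --to-ports 3129

# Source-NAT everything leaving through a PPP interface.
"$IPT" -A POSTROUTING -t nat -o ppp+ -j MASQUERADE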
# Squid proxy configuration: source ACLs for the office network, the stock
# Safe_ports/SSL_ports checks, one plain proxy port and one SSL-Bump port that
# decrypts client TLS with certificates generated on the fly.

# NOTE(review): current Squid releases predefine the "all" ACL; confirm this
# redefinition is needed for the version in use.
acl all src all
# NOTE(review): an address range combined with a /255.255.255.0 mask; the mask
# is applied to the range endpoints, so confirm whether only .1-.200 is meant
# or the whole 192.168.88.0/24 network.
acl office src 192.168.88.1-192.168.88.200/255.255.255.0
# NOTE(review): 192.168.1.241 lies outside the 192.168.88.x network used by
# the office ACL and the http_port lines; confirm this is not a typo.
acl serv2019 src 192.168.1.241/32
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# Access rules are evaluated top to bottom; the first match decides.
# Refuse requests to ports outside Safe_ports and CONNECT tunnels to anything
# but port 443 before any allow rule is considered.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow office
http_access allow serv2019
# Everything not allowed above is refused.
http_access deny all

# Plain proxy listener (no mode flag).
# NOTE(review): if clients reach this port through NAT redirection rather than
# explicit proxy settings, Squid expects an intercept-mode port; confirm how
# traffic arrives here.
http_port 192.168.88.250:3128
#http_port 192.168.88.250:3129 intercept
# SSL-Bump listener: Squid generates a certificate per host, signed by the CA
# in squidca.pem.
# NOTE(review): no key= option is given, so the PEM file presumably also holds
# the CA private key; keep it readable only by the Squid user, since anyone
# holding it can impersonate any site to clients that trust this CA.
http_port 192.168.88.250:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/squidca.pem
#acl nosslintercept ssl::server_name "/etc/squid/sites_nossl.txt"
# Peek at the TLS client hello in step 1, then bump (decrypt) every
# connection.
# NOTE(review): the exception list above is commented out and there is no
# splice rule, so no site is exempt from decryption; confirm that is intended
# (banking, health and certificate-pinned services are the usual exceptions).
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
# Helper that generates the per-host certificates; -s is its certificate
# database directory and -M the size limit of that database.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
# Resolve names through this resolver instead of the system configuration.
dns_nameservers 8.8.8.8
# Cache freshness rules: min age (minutes), percent of object age, max age.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Never treat CGI or query-string responses as fresh without validation info.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320