I haven't installed squidguard yet; here is the additional information:
My iptables rules:
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
# Flush the current tables
iptables -t filter -F
iptables -t filter -X
# Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# squid
iptables -t filter -A INPUT -p tcp --dport 4486 -j ACCEPT
My squid.conf:
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl kawer src 88.xxx.xxx.xxx
http_access allow kawer
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_port 4486
forwarded_for off
Squid is running:
root 1116 0.0 0.2 79616 5308 ? Ss 08:07 0:00 /usr/sbin/squid3 -YC -f /etc/squid3/squid.conf
proxy 1121 0.0 1.1 120320 23872 ? S 08:07 0:00 (squid-1) -YC -f /etc/squid3/squid.conf
proxy 1128 0.0 0.0 33624 1872 ? S 08:07 0:00 (logfile-daemon) /var/log/squid3/access.log
kawer 1422 0.0 0.0 12684 1624 pts/0 S+ 11:44 0:00 grep squid
Squid is not listening on any port.
netstat -atup | grep LISTEN
tcp 0 0 *:ssh *:* LISTEN 286/sshd
tcp6 0 0 [::]:ssh [::]:* LISTEN 286/sshd
Last edited by kawer (29-04-2016 10:53:03)
ThinkPad T530 - Debian - CoreBoot
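
Added example, not part of kawer's post: a shell check that compares the http_port directives in a squid.conf with a saved numeric listener listing and prints the configured ports that have no listener, which is the symptom shown above. The function names and the file paths in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report http_port values
# from a squid.conf that have no matching TCP listener.

# Print each port set by an http_port directive, one per line.
# Handles "http_port 4486", "http_port 127.0.0.1:3128 intercept" and
# "http_port [::1]:3128". Commented-out directives are ignored because
# their first field is not exactly "http_port".
configured_ports() {
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n] }' "$1" |
        sort -un
}

# Read saved "ss -ltn" or "netstat -ltn" output on stdin and print the
# listening TCP ports. In both tools the local address is the 4th field.
# The -n flag matters: without it, ports appear as service names
# (for example "ssh"), which cannot be compared with a port number.
listening_ports() {
    awk '/LISTEN/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print every configured port that is absent from the listener listing.
# $1 = path to squid.conf, $2 = file holding the saved listener output.
missing_ports() {
    conf_ports=$(configured_ports "$1")
    live_ports=$(listening_ports < "$2")
    for p in $conf_ports; do
        printf '%s\n' "$live_ports" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Usage (paths are assumptions):
#   ss -ltn > /tmp/listen.txt
#   missing_ports /etc/squid3/squid.conf /tmp/listen.txt
```

Any port it prints is configured but not bound; Squid's cache.log is the place to look for the reason.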