diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2010-05-04 22:45:49 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2010-05-04 22:45:49 +0000 |
| commit | a674ea4cf8f175d9c006a122499457a27889fc23 (patch) | |
| tree | b310b8abc0bb3d0532a1756d28026c7f83048d4b /lib/network/squid.pm | |
| parent | ab55a814323b02d9b88e18ca4ef4c9d05e6ff063 (diff) | |
| download | drakx-net-a674ea4cf8f175d9c006a122499457a27889fc23.tar drakx-net-a674ea4cf8f175d9c006a122499457a27889fc23.tar.gz drakx-net-a674ea4cf8f175d9c006a122499457a27889fc23.tar.bz2 drakx-net-a674ea4cf8f175d9c006a122499457a27889fc23.tar.xz drakx-net-a674ea4cf8f175d9c006a122499457a27889fc23.zip | |
Fix squid config file generation (#58600)
Diffstat (limited to 'lib/network/squid.pm')
| -rw-r--r-- | lib/network/squid.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/network/squid.pm b/lib/network/squid.pm index b92589f..427bce3 100644 --- a/lib/network/squid.pm +++ b/lib/network/squid.pm @@ -17,6 +17,7 @@ sub write_squid_conf { my ($squid_conf, $intf, $internal_domain_name) = @_; renamef($squid_conf_file, "$squid_conf_file.old"); + my $prefix = network::network::netmask_to_vlsm($intf->{NETMASK}); output($squid_conf_file, qq( http_port $squid_conf->{http_port}[0] transparent hierarchy_stoplist cgi-bin ? @@ -31,9 +32,8 @@ refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 half_closed_clients off -acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object -acl localhost src 127.0.0.1/255.255.255.255 +acl localhost src 127.0.0.0/8 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network @@ -55,7 +55,7 @@ http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost -acl mynetwork src $intf->{NETWORK}/$intf->{NETMASK} +acl mynetwork src $intf->{NETWORK}/$prefix http_access allow mynetwork http_access allow localnet http_access allow localhost |