1. Kernel Config
###kernel###
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident NOVERNET
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options HZ=1000
options SYSVMSG
options MSGMNB=8192
options MSGMNI=40
options MSGSEG=512
options MSGSSZ=64
options MSGTQL=2048
options SYSVSHM
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options IPFILTER
options IPFILTER_LOG
2. Config rc.conf
###rc.conf###
sshd_enable="YES"
fsck_y_enable="YES"
gateway_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="speedy"
ppp_nat="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
ifconfig_rl0="up"
ifconfig_rl0="inet 192.168.2.2 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
hostname="router.nover.net.id"
3. Pf.conf
###pf.conf###
ext_if ='tun0'
all_if ='{ tun0 rl1 }'
int_if ='rl1 '
noacc ='{ 67 68 69 135 136 137 138 139 213 445 552 554 1034 1080 \
1433 1434 4000 4444 4661 4662 6257 6346 6347 6699 \
7070 }'
dfltport='{ 20 21 80 443 6660:6670 5001 5010 5050 5100 }'
p2p='{1214 3000:4900 4661:4672 6257 6699 6346 6881:6889 4662 4672}'
prioport='{ 22 161 162 1740:1900 2075 2212 3000:3200 3700:3999 \
4001:4900 5000 6900 7000 8000 8360:8364 8352 8372 \
10011 10021 10031 10041 10051 10061 10071 10102 13412 \
13413 13450 20000 20201 20202 }'
gameport='{ 1740:1900 2075 3000:3200 3700:3999 4001:4900 5000 5121 6121 6900
7000 8000 8360:8364 8352 8372 10011 10021 10031 10041 10051 10061 \
10071 10102 13412 13413 13450 20000 20201 20202 64113 64381 }'
cached ='{ 80 3128 8080 8081 }'
ssh1port='{ 22 2212 1680 1870 }'
snmpport='{ 161 162 }'
bio ='block in on'
boo ='block out on'
biqo ='block in quick on'
bdiqo ='block drop in quick on'
bilqo ='block in log quick on'
boqo ='block out quick on'
bdqo ='block drop quick on'
bdoqo ='block drop out quick on'
bdqlo ='block drop quick on'
bqo ='block quick on'
bolqo ='block out log quick on'
poqo ='pass out quick on'
piqo ='pass in quick on'
polqo ='pass out log quick on'
pilqo ='pass in log quick on'
prio ='priority'
pif ='proto tcp from'
pqo ='pass quick on'
puifa ='proto { udp icmp } from any'
puif ='proto { udp icmp } from'
ptufa ='proto { tcp udp } from any'
ptuif ='proto { tcp udp icmp } from'
ptuifa ='proto { tcp udp icmp } from any'
ptuf ='proto { tcp udp } from'
puf ='proto udp from'
ptfa ='proto tcp from any'
pufatap ='proto udp from any to any port'
pufap ='proto udp from any port'
pif ='proto icmp from'
ptf ='proto tcp from'
pifa ='proto icmp from any'
ptufap ='proto { tcp udp } from any port'
fata ='from any to any'
priq0 ='{ q_def0, q_pri0 }'
priq1 ='{ q_def1, q_pri1 }'
apriq0 ='(q_def0, q_pri0)'
apriq1 ='(q_def1, q_pri1)'
fat ='from any to'
poo ='pass out on'
pio ='pass in on'
pef ='persist file'
pst ='persist'
tbl ='table'
crd ='cbq(red default)'
crb ='cbq(red borrow)'
ptt ='proto tcp to'
ks ='keep state'
ms ='modulate state'
st ='set timeout'
bw ='bandwidth'
fa ='from any'
cd ='cbq(default)'
cr ='cbq(red)'
cq ='cbq queue'
hq ='hfsc queue'
fs ='flags S/SA'
qu ='queue'
ql ='qlimit'
rt ='realtime'
ls ='linkshare'
ul ='upperlimit'
pt ='proto tcp'
$st { interval 30, frag 10 }
$st { tcp.first 120, tcp.opening 30, tcp.established 86400 }
$st { tcp.closing 500, tcp.finwait 45, tcp.closed 40 }
$st { udp.first 60, udp.single 30, udp.multiple 60 }
$st { icmp.first 20, icmp.error 10 }
$st { other.first 60, other.single 30, other.multiple 60 }
set limit { states 20000, frags 20000 }
set optimization normal
set block-policy return
set state-policy if-bound
set loginterface $int_if
set loginterface $ext_if
$tbl <spamd> $pst
$tbl <bad_hosts> $pst
scrub in
scrub out no-df random-id
#nat on $ext_if from 192.168.1.0/28 -> 202.152.58.197
##nat on xl0 from 192.168.10.0/24 -> 172.16.10.3
nat on tun0 from 192.168.1.0/24 -> 125.162.86.158
#nat on ethernet public from network local -> ip public
rdr on rl1 proto tcp from 192.168.1.0/24 to any port www -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 8080 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 3128 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 9000 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 10000 -> 192.168.1.1 port 3128
$biqo $all_if proto { tcp udp } to port $noacc
$biqo $all_if proto { tcp udp } from port $noacc
$boqo $ext_if to 255.255.255.255
$biqo $ext_if from 255.255.255.255
$boqo $int_if to 255.255.255.255
$biqo $int_if from 255.255.255.255
pass quick on lo0
$bdiqo $all_if from <cekalsik>
$bdoqo $all_if to <cekalsik>
block in quick on $all_if proto icmp to 69.46.28.205
block in quick on $all_if proto icmp from 69.46.28.205
block in quick on $all_if proto icmp to 70.87.51.179
block in quick on $all_if proto icmp from 70.87.51.179
pass quick proto { tcp udp } to port $snmpport
pass quick proto { tcp udp } from port $snmpport
pass quick inet proto { tcp udp } to port { 123 }
pass quick inet proto { tcp udp } from port { 123 }
pass out proto tcp to port 21 keep state
pass quick inet proto icmp
4. Installation Squid
###Install Squid###
router# tar -zxvf squid-2.6.STABLE18.tar.gz
router# cd squid-2.6.STABLE18
./configure --prefix=/usr' '--sysconfdir=/etc/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--with-aio' '--with-dl' '--enable-storeio=aufs,diskd' '--enable-removal-policies=heap' '--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-cache-digests' '--enable-ipf-transparent' '--enable-pf-transparent' '--disable-ident-lookups' '--disable-hostname-checks' '--enable-underscores' '--enable-ssl' '--disable-wccp' '--disable-wccpv2
make && make install
pw useradd squid
cd /
chown squid:squid cache1 cache2 cache3 cache4 cache5
ee squid.conf
configuration squid.conf
http_port 3128 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
maximum_object_size 32 MB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir diskd /cache1 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache2 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache3 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache4 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache5 6000 20 256 Q1=72 Q2=88
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
access_log none
cache_log none
allow_underscore on
pid_filename /var/run/squid/squid.pid
cache_store_log none
##REFRESH PATTERN
refresh_pattern yahoo 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \? 2 20% 4320 reload-into-ims
refresh_pattern -i cgi-bin 2 20% 4320 reload-into-ims
refresh_pattern http://.*\login.yahoo\.com/ 10080 20% 4320
refresh_pattern http://.*\338a\.com/ 3600 20% 4320
refresh_pattern http://*\.ibcbet\.com/ 0 20% 4320
refresh_pattern . 960 90% 43200 reload-into-ims
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
client_lifetime 3 hours
shutdown_lifetime 10 seconds
half_closed_clients off
high_memory_warning 400 mb
high_response_time_warning 0
high_page_fault_warning 2
strip_query_terms off
log_fqdn off
memory_pools off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24
#acl porn url_regex "/etc/squid/bokep.txt"
#acl noporn url_regex "/etc/squid/nobokep.txt"
acl TIME time SMTWHFA 10:00-20:00
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.mp4$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.msi$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ \.rfx$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.3g2$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.cab$ \.qt$ \.flv$ \.swf$ \.3gp$ \.vqf$ \.asf$
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 445 213 137 138 32768
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny VIRUS
#http_access deny porn !noporn
http_access deny BADPORTS
http_access allow lan
http_access allow localhost
http_access deny all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
extension_methods register-http-method
ftp_user areksitiung@yahoo.com
ftp_list_width 32
ftp_passive on
forwarded_for off
store_objects_per_bucket 15
store_avg_object_size 13 kb
debug_options ALL,1 98,2
max_open_disk_fds 100
store_dir_select_algorithm round-robin
cache_mgr areksitiung@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.nover.net.id
logfile_rotate 1
pipeline_prefetch on
vary_ignore_expire on
cachemgr_passwd cimpronet
buffered_logs on
ignore_unknown_nameservers off
ie_refresh off
delay_pools 3
delay_class 1 1
delay_parameters 1 10000/15000
delay_access 1 allow download TIME
delay_access 1 deny all
/usr/sbin/squid -z
/usr/sbin/squid -D
5. Dial PPOE from BSD
router# cat /etc/ppp/ppp.conf
#################################################################
# PPP Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.8 2001/06/21 15:42:26 brian Exp $
#################################################################
default:
set device PPPoE:rl0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
enable lqr
set log phase tun
add default HISADDR
enable dns
speedy:
set authname 1114071xxxx@telkom.net
set authkey xxxx
</cekalsik></cekalsik></bad_hosts></spamd>
###kernel###
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident NOVERNET
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options HZ=1000
options SYSVMSG
options MSGMNB=8192
options MSGMNI=40
options MSGSEG=512
options MSGSSZ=64
options MSGTQL=2048
options SYSVSHM
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options IPFILTER
options IPFILTER_LOG
2. Config rc.conf
###rc.conf###
sshd_enable="YES"
fsck_y_enable="YES"
gateway_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="speedy"
ppp_nat="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
ifconfig_rl0="up"
ifconfig_rl0="inet 192.168.2.2 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
hostname="router.nover.net.id"
3. Pf.conf
###pf.conf###
ext_if ='tun0'
all_if ='{ tun0 rl1 }'
int_if ='rl1 '
noacc ='{ 67 68 69 135 136 137 138 139 213 445 552 554 1034 1080 \
1433 1434 4000 4444 4661 4662 6257 6346 6347 6699 \
7070 }'
dfltport='{ 20 21 80 443 6660:6670 5001 5010 5050 5100 }'
p2p='{1214 3000:4900 4661:4672 6257 6699 6346 6881:6889 4662 4672}'
prioport='{ 22 161 162 1740:1900 2075 2212 3000:3200 3700:3999 \
4001:4900 5000 6900 7000 8000 8360:8364 8352 8372 \
10011 10021 10031 10041 10051 10061 10071 10102 13412 \
13413 13450 20000 20201 20202 }'
gameport='{ 1740:1900 2075 3000:3200 3700:3999 4001:4900 5000 5121 6121 6900
7000 8000 8360:8364 8352 8372 10011 10021 10031 10041 10051 10061 \
10071 10102 13412 13413 13450 20000 20201 20202 64113 64381 }'
cached ='{ 80 3128 8080 8081 }'
ssh1port='{ 22 2212 1680 1870 }'
snmpport='{ 161 162 }'
bio ='block in on'
boo ='block out on'
biqo ='block in quick on'
bdiqo ='block drop in quick on'
bilqo ='block in log quick on'
boqo ='block out quick on'
bdqo ='block drop quick on'
bdoqo ='block drop out quick on'
bdqlo ='block drop quick on'
bqo ='block quick on'
bolqo ='block out log quick on'
poqo ='pass out quick on'
piqo ='pass in quick on'
polqo ='pass out log quick on'
pilqo ='pass in log quick on'
prio ='priority'
pif ='proto tcp from'
pqo ='pass quick on'
puifa ='proto { udp icmp } from any'
puif ='proto { udp icmp } from'
ptufa ='proto { tcp udp } from any'
ptuif ='proto { tcp udp icmp } from'
ptuifa ='proto { tcp udp icmp } from any'
ptuf ='proto { tcp udp } from'
puf ='proto udp from'
ptfa ='proto tcp from any'
pufatap ='proto udp from any to any port'
pufap ='proto udp from any port'
pif ='proto icmp from'
ptf ='proto tcp from'
pifa ='proto icmp from any'
ptufap ='proto { tcp udp } from any port'
fata ='from any to any'
priq0 ='{ q_def0, q_pri0 }'
priq1 ='{ q_def1, q_pri1 }'
apriq0 ='(q_def0, q_pri0)'
apriq1 ='(q_def1, q_pri1)'
fat ='from any to'
poo ='pass out on'
pio ='pass in on'
pef ='persist file'
pst ='persist'
tbl ='table'
crd ='cbq(red default)'
crb ='cbq(red borrow)'
ptt ='proto tcp to'
ks ='keep state'
ms ='modulate state'
st ='set timeout'
bw ='bandwidth'
fa ='from any'
cd ='cbq(default)'
cr ='cbq(red)'
cq ='cbq queue'
hq ='hfsc queue'
fs ='flags S/SA'
qu ='queue'
ql ='qlimit'
rt ='realtime'
ls ='linkshare'
ul ='upperlimit'
pt ='proto tcp'
$st { interval 30, frag 10 }
$st { tcp.first 120, tcp.opening 30, tcp.established 86400 }
$st { tcp.closing 500, tcp.finwait 45, tcp.closed 40 }
$st { udp.first 60, udp.single 30, udp.multiple 60 }
$st { icmp.first 20, icmp.error 10 }
$st { other.first 60, other.single 30, other.multiple 60 }
set limit { states 20000, frags 20000 }
set optimization normal
set block-policy return
set state-policy if-bound
set loginterface $int_if
set loginterface $ext_if
$tbl <spamd> $pst
$tbl <bad_hosts> $pst
scrub in
scrub out no-df random-id
#nat on $ext_if from 192.168.1.0/28 -> 202.152.58.197
##nat on xl0 from 192.168.10.0/24 -> 172.16.10.3
nat on tun0 from 192.168.1.0/24 -> 125.162.86.158
#nat on ethernet public from network local -> ip public
rdr on rl1 proto tcp from 192.168.1.0/24 to any port www -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 8080 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 3128 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 9000 -> 192.168.1.1 port 3128
rdr on rl1 proto tcp from 192.168.1.0/24 to any port 10000 -> 192.168.1.1 port 3128
$biqo $all_if proto { tcp udp } to port $noacc
$biqo $all_if proto { tcp udp } from port $noacc
$boqo $ext_if to 255.255.255.255
$biqo $ext_if from 255.255.255.255
$boqo $int_if to 255.255.255.255
$biqo $int_if from 255.255.255.255
pass quick on lo0
$bdiqo $all_if from <cekalsik>
$bdoqo $all_if to <cekalsik>
block in quick on $all_if proto icmp to 69.46.28.205
block in quick on $all_if proto icmp from 69.46.28.205
block in quick on $all_if proto icmp to 70.87.51.179
block in quick on $all_if proto icmp from 70.87.51.179
pass quick proto { tcp udp } to port $snmpport
pass quick proto { tcp udp } from port $snmpport
pass quick inet proto { tcp udp } to port { 123 }
pass quick inet proto { tcp udp } from port { 123 }
pass out proto tcp to port 21 keep state
pass quick inet proto icmp
4. Installation Squid
###Install Squid###
router# tar -zxvf squid-2.6.STABLE18.tar.gz
router# cd squid-2.6.STABLE18
./configure --prefix=/usr' '--sysconfdir=/etc/squid' '--enable-async-io=24' '--with-aufs-threads=24' '--with-pthreads' '--with-aio' '--with-dl' '--enable-storeio=aufs,diskd' '--enable-removal-policies=heap' '--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-cache-digests' '--enable-ipf-transparent' '--enable-pf-transparent' '--disable-ident-lookups' '--disable-hostname-checks' '--enable-underscores' '--enable-ssl' '--disable-wccp' '--disable-wccpv2
make && make install
pw useradd squid
cd /
chown squid:squid cache1 cache2 cache3 cache4 cache5
ee squid.conf
configuration squid.conf
http_port 3128 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
maximum_object_size 32 MB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir diskd /cache1 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache2 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache3 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache4 6000 20 256 Q1=72 Q2=88
cache_dir diskd /cache5 6000 20 256 Q1=72 Q2=88
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
access_log none
cache_log none
allow_underscore on
pid_filename /var/run/squid/squid.pid
cache_store_log none
##REFRESH PATTERN
refresh_pattern yahoo 0 20% 4320
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern -i \? 2 20% 4320 reload-into-ims
refresh_pattern -i cgi-bin 2 20% 4320 reload-into-ims
refresh_pattern http://.*\login.yahoo\.com/ 10080 20% 4320
refresh_pattern http://.*\338a\.com/ 3600 20% 4320
refresh_pattern http://*\.ibcbet\.com/ 0 20% 4320
refresh_pattern . 960 90% 43200 reload-into-ims
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
client_lifetime 3 hours
shutdown_lifetime 10 seconds
half_closed_clients off
high_memory_warning 400 mb
high_response_time_warning 0
high_page_fault_warning 2
strip_query_terms off
log_fqdn off
memory_pools off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24
#acl porn url_regex "/etc/squid/bokep.txt"
#acl noporn url_regex "/etc/squid/nobokep.txt"
acl TIME time SMTWHFA 10:00-20:00
acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$
acl download url_regex -i \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ \.mp4$
acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.msi$
acl download url_regex -i \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ \.rfx$
acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.3g2$
acl download url_regex -i \.ac3$ \.cda$ \.vro$ \.deb$ \.cab$ \.qt$ \.flv$ \.swf$ \.3gp$ \.vqf$ \.asf$
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81
acl Safe_ports port 84
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl BADPORTS port 7 9 11 19 22 23 25 110 119 513 514 445 213 137 138 32768
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny VIRUS
#http_access deny porn !noporn
http_access deny BADPORTS
http_access allow lan
http_access allow localhost
http_access deny all
icp_access allow lan
icp_access deny all
miss_access allow lan
miss_access deny all
extension_methods register-http-method
ftp_user areksitiung@yahoo.com
ftp_list_width 32
ftp_passive on
forwarded_for off
store_objects_per_bucket 15
store_avg_object_size 13 kb
debug_options ALL,1 98,2
max_open_disk_fds 100
store_dir_select_algorithm round-robin
cache_mgr areksitiung@yahoo.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.nover.net.id
logfile_rotate 1
pipeline_prefetch on
vary_ignore_expire on
cachemgr_passwd cimpronet
buffered_logs on
ignore_unknown_nameservers off
ie_refresh off
delay_pools 3
delay_class 1 1
delay_parameters 1 10000/15000
delay_access 1 allow download TIME
delay_access 1 deny all
/usr/sbin/squid -z
/usr/sbin/squid -D
5. Dial PPOE from BSD
router# cat /etc/ppp/ppp.conf
#################################################################
# PPP Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.8 2001/06/21 15:42:26 brian Exp $
#################################################################
default:
set device PPPoE:rl0
set speed sync
set mru 1492
set mtu 1492
set ctsrts off
enable lqr
set log phase tun
add default HISADDR
enable dns
speedy:
set authname 1114071xxxx@telkom.net
set authkey xxxx
</cekalsik></cekalsik></bad_hosts></spamd>
0 comments:
Post a Comment