diff options
-rw-r--r-- | net-proxy/dante/ChangeLog | 11 | ||||
-rw-r--r-- | net-proxy/dante/Manifest | 18 | ||||
-rw-r--r-- | net-proxy/dante/dante-1.1.15-r2.ebuild | 87 | ||||
-rw-r--r-- | net-proxy/dante/files/dante-sockd-init | 33 | ||||
-rw-r--r-- | net-proxy/dante/files/digest-dante-1.1.15-r2 | 1 | ||||
-rw-r--r-- | net-proxy/dante/files/sockd.conf | 243 | ||||
-rw-r--r-- | net-proxy/dante/files/sockd.conf-with-libwrap.patch | 41 | ||||
-rw-r--r-- | net-proxy/dante/files/sockd.conf-with-pam.patch | 12 | ||||
-rw-r--r-- | net-proxy/dante/files/socks.conf | 127 |
9 files changed, 551 insertions, 22 deletions
diff --git a/net-proxy/dante/ChangeLog b/net-proxy/dante/ChangeLog index 6e53adc1810a..764e13f6253b 100644 --- a/net-proxy/dante/ChangeLog +++ b/net-proxy/dante/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-proxy/dante # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/ChangeLog,v 1.3 2005/05/16 16:58:47 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/ChangeLog,v 1.4 2005/06/04 12:30:59 mrness Exp $ + +*dante-1.1.15-r2 (04 Jun 2005) + + 04 Jun 2005; Alin Nastac <mrness@gentoo.org> files/dante-sockd-init, + +files/sockd.conf, +files/sockd.conf-with-libwrap.patch, + +files/sockd.conf-with-pam.patch, +files/socks.conf, + +dante-1.1.15-r2.ebuild: + Added default configuration files in /etc/socks. Create sockd user, used in + user.* parameters of the sockd daemon. Improve init script. 16 May 2005; Alin Nastac <mrness@gentoo.org> dante-1.1.15-r1.ebuild: Remove unused inheritance of gcc eclass (#92745). diff --git a/net-proxy/dante/Manifest b/net-proxy/dante/Manifest index 9062030a2881..997bb7e3919e 100644 --- a/net-proxy/dante/Manifest +++ b/net-proxy/dante/Manifest @@ -1,20 +1,16 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - +MD5 a4eb0e7d6a2c909a06ce7c92c0c328bb dante-1.1.15-r2.ebuild 2460 MD5 a6a5bd8eb855005685f1e525babf1094 dante-1.1.15-r1.ebuild 2266 MD5 335176ca1f54f38465d44cdf5003e9de ChangeLog 7424 MD5 19688263fcbda666eeb085869012f86a metadata.xml 246 MD5 e1b94493b162bbdb56acba97cec7349a files/dante-1.1.15_pre1-socksify.patch 811 +MD5 7573426ad7edc9ea4dd95f020205fda4 files/sockd.conf-with-pam.patch 295 MD5 5e74662c76571e30e6a190a2d4d1193a files/dante-1.1.15-optionalpam.patch 10896 MD5 0a5831b02f1ee3c0b9810c4354839906 files/digest-dante-1.1.15-r1 64 +MD5 0a5831b02f1ee3c0b9810c4354839906 files/digest-dante-1.1.15-r2 64 +MD5 aa0bc92f8670b91aaf92f1e89b7e06c7 files/sockd.conf 7031 +MD5 cf06ad88e50a36ba1326579ab64366b8 files/socks.conf 4185 +MD5 05b76026b104b3a12fcd5d42aecc3041 files/sockd.conf-with-libwrap.patch 870 MD5 72d9add89e45e3cb921c99d79bdf31a7 files/dante-1.1.15-bindresvport.patch 485 MD5 30064015b5702cf8059a1639167e8a3f files/dante-1.1.15-getipnodebyname.patch 789 MD5 eb2041b3f61750335f8702515cb20b7c files/dante-sockd-conf 463 -MD5 4b441393f14c9a13b7f4cb22242f659c files/dante-sockd-init 1319 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFCiNFgjiC39V7gKu0RAmAGAKCQj1e5veSZ65HWCn5V7bFCNqcLDQCgvOLg -70lVQAi27ojkYK0wGUd4Ndc= -=E2rr ------END PGP SIGNATURE----- +MD5 6b6fd3ddbf6b66e9a5bd2259d1d3c19d files/dante-sockd-init 1722 diff --git a/net-proxy/dante/dante-1.1.15-r2.ebuild b/net-proxy/dante/dante-1.1.15-r2.ebuild new file mode 100644 index 000000000000..57fa30ca9a96 --- /dev/null +++ b/net-proxy/dante/dante-1.1.15-r2.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/dante-1.1.15-r2.ebuild,v 1.1 2005/06/04 12:30:59 mrness Exp $ + +inherit fixheadtails eutils + +DESCRIPTION="A free socks4,5 and msproxy implementation" +HOMEPAGE="http://www.inet.no/dante/" +SRC_URI="ftp://ftp.inet.no/pub/socks/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="tcpd debug selinux pam" + +RDEPEND="virtual/libc + pam? ( sys-libs/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + selinux? ( sec-policy/selinux-dante )" +DEPEND="${RDEPEND} + >=sys-apps/sed-4 + >=sys-devel/automake-1.9" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/${P}_pre1-socksify.patch + epatch ${FILESDIR}/${P}-bindresvport.patch + epatch ${FILESDIR}/${P}-optionalpam.patch + epatch ${FILESDIR}/${P}-getipnodebyname.patch + + ht_fix_file configure configure.ac + sed -i \ + -e 's:/etc/socks\.conf:/etc/socks/socks.conf:' \ + -e 's:/etc/sockd\.conf:/etc/socks/sockd.conf:' \ + doc/{faq.ps,faq.tex,sockd.8,sockd.conf.5,socks.conf.5} +} + +src_compile() { + libtoolize --copy --force + econf \ + `use_enable debug` \ + `use_enable tcpd libwrap` \ + `use_with pam` \ + --with-socks-conf=/etc/socks/socks.conf \ + --with-sockd-conf=/etc/socks/sockd.conf \ + || die "bad ./configure" + # the comments in the source say this is only useful for 2.0 kernels ... + # well it may fix 2.0 but it breaks with 2.6 :) + [ "${KV:0:3}" == "2.6" ] && sed -i 's:if HAVE_LINUX_ECCENTRICITIES:if 0:' include/common.h + emake || die "compile problem" +} + +src_install() { + make DESTDIR=${D} install || die + + # bor: comment libdl.so out it seems to work just fine without it + sed -i -e 's:libdl\.so::' ${D}/usr/bin/socksify || die 'sed failed' + + # default configuration files + insinto /etc/socks + doins ${FILESDIR}/sock?.conf + cd ${D}/etc/socks && { + use pam && epatch ${FILESDIR}/sockd.conf-with-pam.patch + use tcpd && epatch ${FILESDIR}/sockd.conf-with-libwrap.patch + } + cd ${S} + + # our init script + exeinto /etc/init.d + newexe ${FILESDIR}/dante-sockd-init dante-sockd + insinto /etc/conf.d + newins ${FILESDIR}/dante-sockd-conf dante-sockd + + # install documentation + dodoc BUGS CREDITS NEWS README SUPPORT TODO VERSION + docinto txt + cd doc + dodoc README* *.txt SOCKS4.* + docinto example + cd ../example + dodoc *.conf +} + +pkg_postinst() { + enewuser sockd -1 /bin/false /etc/socks daemon +} diff --git a/net-proxy/dante/files/dante-sockd-init b/net-proxy/dante/files/dante-sockd-init index b2f641142046..dd5285fdcf7c 100644 --- a/net-proxy/dante/files/dante-sockd-init +++ b/net-proxy/dante/files/dante-sockd-init @@ -1,12 +1,13 @@ #!/sbin/runscript # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/files/dante-sockd-init,v 1.1 2005/04/22 20:47:27 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-proxy/dante/files/dante-sockd-init,v 1.2 2005/06/04 12:30:59 mrness Exp $ SOCKD_OPT="-D" [ "${SOCKD_FORKDEPTH}" -gt 1 ] && SOCKD_OPT="${SOCKD_OPT} -N ${SOCKD_FORKDEPTH}" [ "${SOCKD_DEBUG}" -eq 1 ] && SOCKD_OPT="${SOCKD_OPT} -d" [ "${SOCKD_DISABLE_KEEPALIVE}" -eq 1 ] && SOCKD_OPT="${SOCKD_OPT} -n" +PIDFILE=/var/run/sockd.pid depend() { need net @@ -17,29 +18,41 @@ checkconfig() { if [ ! -f /etc/socks/sockd.conf ] ; then eerror "You need to setup /etc/socks/sockd.conf first" eerror "Examples are in /usr/share/doc/dante[version]/example" - eerror "for info: info sockd.conf" + eerror "for more info, see: man sockd.conf" return 1 fi - /usr/sbin/sockd -V - ret=$? - if [ $ret -ne 0 ]; then + + /usr/sbin/sockd -V &> /tmp/dante-sockd.checkconf + if [ $? -ne 0 ]; then + cat /tmp/dante-sockd.checkconf eerror "Something is wrong with your configuration file" + eerror "for more info, see: man sockd.conf" return 1 fi + rm /tmp/dante-sockd.checkconf + + #Create pidfile with owner set to daemon's uid + DAEMON_UID=`sed -e '/^[ \t]*user[.]notprivileged[ \t]*:/{s/.*:[ \t]*//;q};d' /etc/socks/sockd.conf` + if [ -n "$DAEMON_UID" ]; then + touch $PIDFILE && chown $DAEMON_UID $PIDFILE + fi + + return 0 } start() { checkconfig || return 1 ebegin "Starting dante sockd" - start-stop-daemon --start --quiet --pidfile /var/run/sockd.pid \ - --make-pidfile --exec /usr/sbin/sockd -- ${SOCKD_OPT} + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --make-pidfile --exec /usr/sbin/sockd -- ${SOCKD_OPT} &> /dev/null eend $? "Failed to start sockd" } stop() { ebegin "Stopping dante sockd" - start-stop-daemon --stop --quiet --pidfile /var/run/sockd.pid - eend $? "Failed to stop sockd" + start-stop-daemon --stop --quiet --pidfile $PIDFILE + eend $? "Failed to stop sockd" || return 1 + # clean stale pidfile - [ -f /var/run/sockd.pid ] && rm -f /var/run/sockd.pid + [ -f "$PIDFILE" ] && rm -f $PIDFILE } diff --git a/net-proxy/dante/files/digest-dante-1.1.15-r2 b/net-proxy/dante/files/digest-dante-1.1.15-r2 new file mode 100644 index 000000000000..88330bda9942 --- /dev/null +++ b/net-proxy/dante/files/digest-dante-1.1.15-r2 @@ -0,0 +1 @@ +MD5 c737faf4ba6282777070d8c0580c3832 dante-1.1.15.tar.gz 839660 diff --git a/net-proxy/dante/files/sockd.conf b/net-proxy/dante/files/sockd.conf new file mode 100644 index 000000000000..70b18747ba34 --- /dev/null +++ b/net-proxy/dante/files/sockd.conf @@ -0,0 +1,243 @@ +# The configfile is divided into two parts; first serversettings, +# then the rules. +# +# The recommended order is: +# Serversettings: +# logoutput +# internal +# external +# method +# clientmethod +# users +# compatibility +# extension +# connecttimeout +# iotimeout +# srchost +# +# Rules: +# client block/pass +# from to +# log +# +# block/pass +# from to +# method +# command +# log +# protocol +# proxyprotocol + +# the server will log both via syslog, to stdout and to /var/log/lotsoflogs +#logoutput: syslog stdout /var/log/lotsoflogs +logoutput: syslog + +# The server will bind to the address 10.1.1.1, port 1080 and will only +# accept connections going to that address. +#internal: 10.1.1.1 port = 1080 +# Alternatively, the interface name can be used instead of the address. +#internal: eth0 port = 1080 + +# all outgoing connections from the server will use the IP address +# 195.168.1.1 +#external: 192.168.1.1 + +# list over acceptable methods, order of preference. +# A method not set here will never be selected. +# +# If the method field is not set in a rule, the global +# method is filled in for that rule. +# + +# methods for socks-rules. +#method: username none #rfc931 + +# methods for client-rules. +#clientmethod: none + +#or if you want to allow rfc931 (ident) too +#method: username rfc931 none + +# +# An important section, pay attention. +# + +# when doing something that can require privilege, +# it will use the userid "sockd". +user.privileged: sockd + +# when running as usual, +# it will use the unprivileged userid of "sockd". +user.notprivileged: sockd + +# +# some options to help clients with compatibility: +# + +# when a client connection comes in the socksserver will try to use +# the same port as the client is using, when the socksserver +# goes out on the clients behalf (external: IP address). +# If this option is set, Dante will try to do it for reserved ports aswell. +# This will usually require user.privileged to be set to "root". +#compatibility: sameport + +# If you are using the bind extension and have trouble running servers +# via the server, you might try setting this. The consequences of it +# are unknown. +#compatibility: reuseaddr + +# +# The Dante server supports some extensions to the socks protocol. +# These require that the socks client implements the same extension and +# can be enabled using the "extension" keyword. +# +# enable the bind extension. +#extension: bind + + +# +# +# misc options. +# + +# how many seconds can pass from when a client connects til it has +# sent us it's request? Adjust according to your network performance +# and methods supported. +#connecttimeout: 30 # on a lan, this should be enough if method is "none". + +# how many seconds can the client and it's peer idle without sending +# any data before we dump it? Unless you disable tcp keep-alive for +# some reason, it's probably best to set this to 0, which is +# "forever". +#iotimeout: 0 # or perhaps 86400, for a day. + +# do you want to accept connections from addresses without +# dns info? what about addresses having a mismatch in dnsinfo? +#srchost: nounknown nomismatch + +# +# The actual rules. There are two kinds and they work at different levels. +# +# The rules prefixed with "client" are checked first and say who is allowed +# and who is not allowed to speak/connect to the server. I.e the +# ip range containing possibly valid clients. +# It is especially important that these only use IP addresses, not hostnames, +# for security reasons. +# +# The rules that do not have a "client" prefix are checked later, when the +# client has sent its request and are used to evaluate the actual +# request. +# +# The "to:" in the "client" context gives the address the connection +# is accepted on, i.e the address the socksserver is listening on, or +# just "0.0.0.0/0" for any address the server is listening on. +# +# The "to:" in the non-"client" context gives the destination of the clients +# socksrequest. +# +# "from:" is the source address in both contexts. +# + + +# the "client" rules. All our clients come from the net 10.0.0.0/8. +# + +# Allow our clients, also provides an example of the port range command. +#client pass { +# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0 +# method: rfc931 # match all idented users that also are in passwordfile +#} + +# This is identical to above, but allows clients without a rfc931 (ident) +# too. In practise this means the socksserver will try to get a rfc931 +# reply first (the above rule), if that fails, it tries this rule. +#client pass { +# from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0 +#} + + +# drop everyone else as soon as we can and log the connect, they are not +# on our net and have no business connecting to us. This is the default +# but if you give the rule yourself, you can specify details. +#client block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# log: connect error +#} + + +# the rules controlling what clients are allowed what requests +# + +# you probably don't want people connecting to loopback addresses, +# who knows what could happen then. +#block { +# from: 0.0.0.0/0 to: 127.0.0.0/8 +# log: connect error +#} + +# the people at the 172.16.0.0/12 are bad, no one should talk to them. +# log the connect request. +#block { +# from: 0.0.0.0/0 to: 172.16.0.0/12 +# log: connect error +#} + +# unless you need it, you could block any bind requests. +#block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# command: bind +# log: connect error +#} + +# or you might want to allow it, for instance "active" ftp uses it. +# Note that a "bindreply" command must also be allowed, it +# should usually by from "0.0.0.0/0", i.e if a client of yours +# has permission to bind, it will also have permission to accept +# the reply from anywhere. +#pass { +# from: 10.0.0.0/8 to: 0.0.0.0/0 +# command: bind +# log: connect error +#} + +# some connections expect some sort of "reply", this might be +# the reply to a bind request or it may be the reply to a +# udppacket, since udp is packetbased. +# Note that nothing is done to verify that it's a "genuine" reply, +# that is in general not possible anyway. The below will allow +# all "replies" in to your clients at the 10.0.0.0/8 net. +#pass { +# from: 0.0.0.0/0 to: 10.0.0.0/8 +# command: bindreply udpreply +# log: connect error +#} + + +# pass any http connects to the example.com domain if they +# authenticate with username. +# This matches "example.com" itself and everything ending in ".example.com". +#pass { +# from: 10.0.0.0/8 to: .example.com port = http +# log: connect error +# method: username +#} + +# block any other http connects to the example.com domain. +#block { +# from: 0.0.0.0/0 to: .example.com port = http +# log: connect error +#} + +# everyone from our internal network, 10.0.0.0/8 is allowed to use +# tcp and udp for everything else. +#pass { +# from: 10.0.0.0/8 to: 0.0.0.0/0 +# protocol: tcp udp +#} + +# last line, block everyone else. This is the default but if you provide +# one yourself you can specify your own logging/actions +#block { +# from: 0.0.0.0/0 to: 0.0.0.0/0 +# log: connect error +#} diff --git a/net-proxy/dante/files/sockd.conf-with-libwrap.patch b/net-proxy/dante/files/sockd.conf-with-libwrap.patch new file mode 100644 index 000000000000..97d2a33f71bb --- /dev/null +++ b/net-proxy/dante/files/sockd.conf-with-libwrap.patch @@ -0,0 +1,41 @@ +--- sockd.conf.orig 2005-06-04 13:57:39.770322448 +0300 ++++ sockd.conf 2005-06-04 13:47:47.000000000 +0300 +@@ -18,12 +18,14 @@ + # Rules: + # client block/pass + # from to ++# libwrap + # log + # + # block/pass + # from to + # method + # command ++# libwrap + # log + # protocol + # proxyprotocol +@@ -73,6 +75,10 @@ + # it will use the unprivileged userid of "sockd". + user.notprivileged: sockd + ++# when running libwrap commands, ++# it will use the userid "sockd". ++user.libwrap: sockd ++ + # + # some options to help clients with compatibility: + # +@@ -179,9 +185,11 @@ + #} + + # the people at the 172.16.0.0/12 are bad, no one should talk to them. +-# log the connect request. ++# log the connect request and also provide an example on how to ++# interact with libwrap. + #block { + # from: 0.0.0.0/0 to: 172.16.0.0/12 ++# libwrap: spawn finger @%a + # log: connect error + #} + diff --git a/net-proxy/dante/files/sockd.conf-with-pam.patch b/net-proxy/dante/files/sockd.conf-with-pam.patch new file mode 100644 index 000000000000..d6735a1cf30e --- /dev/null +++ b/net-proxy/dante/files/sockd.conf-with-pam.patch @@ -0,0 +1,12 @@ +--- sockd.conf.orig 2005-06-04 14:01:40.492727080 +0300 ++++ sockd.conf 2005-06-04 13:57:39.770322448 +0300 +@@ -58,6 +58,9 @@ + #or if you want to allow rfc931 (ident) too + #method: username rfc931 none + ++#or for PAM authentification ++#method: pam ++ + # + # An important section, pay attention. + # diff --git a/net-proxy/dante/files/socks.conf b/net-proxy/dante/files/socks.conf new file mode 100644 index 000000000000..4a7d1520a7b5 --- /dev/null +++ b/net-proxy/dante/files/socks.conf @@ -0,0 +1,127 @@ +# The configfile is divided into two parts; first misc. settings, +# then the routes. Objects in '[]' are optional. +# +# +# recommended order is: +# [debug] +# [logoutput] +# [resolveprotocol] +# +# routes: +# from to via +# [command] +# [extension] +# [protocol] +# [proxyprotocol] + + +#debug: 1 # uncomment to enable debugging + +#logoutput: stdout # users usually don't want to be bothered with that. + +# What protocol should be used for resolving hostnames? It's important +# to set this right. +#resolveprotocol: udp # default +#resolveprotocol: tcp # set this if your socksserver only supports socksv4. +#resolveprotocol: fake # set this if your clients can't access nameserver, + # neither directly nor proxied. + + + +# +# the routes +# + +# specifying routes for accepting remote connections (via bind()) is +# difficult since we can't know what the "to:" address is +# until we actually get the connection Since we support letting +# the client accept connections both via the proxyserver and +# "directly" at the same time, we have two options though: +# a) specify a route for bind (only) first going via the proxyserver. +# This will also handle "direct" connections. +# b) specify a route for bind (only) first going "direct". +# This means clients will only be able to accept "direct" +# connections. + +# we want to accept remote connections via the proxyserver. +#route { +# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080 +# command: bind +#} + +# we do not want to accept remote connections via the proxyserver. +#route { +# from: 0.0.0.0/0 to: 0.0.0.0/0 via: direct +# command: bind +#} + + +# if you don't route all local connections via direct, you should +# at least route nameserver connections via direct connections if you +# can. That can make for much better performance, depending on +# your setup. Make sure the nameserver line is the first. +# +# Assuming your nameserver runs on address 10.1.1.1, you can do it like this: +#route { +# from: 0.0.0.0/0 to: 10.1.1.1/32 port = domain via: direct +#} + + +# have a route making all connections to loopback addresses be direct. +#route { +# from: 0.0.0.0/0 to: 127.0.0.0/8 via: direct +# command: connect udpassociate # everything but bind, bind confuses us. +#} + +# Our net is the 10.0.0.0/8 net, let clients going to local address go +# direct, not via server. +#route { +# from: 0.0.0.0/0 to: 10.0.0.0/8 via: direct +#} + +# for poor souls trapped behind a msproxy server. +#route { +# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1745 +# protocol: tcp # server supports tcp +# proxyprotocol: msproxy_v2 # server runs msproxy_v2 +#} + +# clients going anywhere else go via server listening at +# IP address 10.1.1.1, port 1080. Note that unless you have +# specified a direct connection for DNS, or the socksserver is resolvable +# without network traffic, you can't give a hostname for the socksserver, +# you must give a IP address. (the reasons for that are logical enough, +# you would create a loop otherwise.) +#route { +# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080 +# protocol: tcp udp # server supports tcp and udp. +# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5. +# method: none #username # we are willing to authenticate via +# # method "none", not "username". +#} + +# this is identical to the above, but it matches hostnames instead. +# This is if you have clients that are unable to resolve hostnames. +# It can be important that hostname routes come after address routes. +#route { +# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 1080 +# protocol: tcp udp # server supports tcp and udp. +# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5. +# method: none #username # we are willing to authenticate via +# # method "none", not "username". +#} + +# identical to above two routes, but using a httpproxy instead. +# + +#route { +# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 3128 +# command: connect # only thing a httproxy supports. +# proxyprotocol: http_v1.0 +#} + +#route { +# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 3128 +# command: connect # only thing a httproxy supports. +# proxyprotocol: http_v1.0 +#} |