On 6/6/2011 5:43 AM, Odhiambo Washington wrote:
> On Sun, Jun 5, 2011 at 18:04, Jim Pingle <li...@pingle.org
[snip]
>     http://forum.pfsense.org/index.php/topic,32923.msg191044.html
[snip]

> So in essence, we need:
> 
> (12:25:03 <~>) 0 $ diff squid.inc squid.inc.local
> 527c527
> < }
> ---
>>       }
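Review bot: the 527c527 change differs only in the indentation in front of `}`. Leave it out so the diff carries nothing but the Squid 3.x syntax changes and applies cleanly against the repository copy of squid.inc.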
> 813,814c813,814
> < acl all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0>
> < acl localhost src 127.0.0.1/255.255.255.255
> <http://127.0.0.1/255.255.255.255>
> ---
>> acl all src all
>> acl localhost src 127.0.0.1/32 <http://127.0.0.1/32>
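Review bot: the `<http://...>` fragments after the addresses on the `acl all` and `acl localhost` lines are mail-client link markup rather than Squid syntax, so this hunk cannot be applied as pasted. When carrying the change over by hand, the two new lines should end at `acl all src all` and `acl localhost src 127.0.0.1/32`.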

We have that now. Have since the middle of May:

2866d3ae config/squid3/squid.inc   (jim-p         2011-05-18 11:57:21 -0400  807) acl all src all

> 903c903
> <       $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny
> all\n";
> ---
>>       $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " all\n";
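Review bot: the new line 903 drops `deny` with no comment saying why. A one-line comment above it noting that the Squid 3.x form of `reply_body_max_size` takes the size followed by the ACL would keep the line from being "corrected" back when someone compares it with the 2.7.x package.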

We do that now. Have since late May:
54c49bf2 config/squid3/squid.inc   (jim-p         2011-05-25 14:39:07 -0400  898)               $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " all \n";

> Another issue with regard to squid 3.1.x concerns this block in squid.inc:
> 
>         if ($settings['allow_interface'] == 'on') {
>                 $src = '';
>                 foreach ($real_ifaces as $iface) {
>                         list($ip, $mask) = $iface;
>                         $ip = long2ip(ip2long($ip) & ip2long($mask));
>                         $src .= " $ip/$mask";
>                 }
>                 $conf .= "# Allow local network(s) on interface(s)\n";
>                 $conf .= "acl localnet src $src\n";
>                 $valid_acls[] = 'localnet';
>         }
> 
>
> For squid 3.x netmasks are deprecated. CIDR masks are used instead.

Looks like that was also changed mid-May...
2866d3ae config/squid3/squid.inc   (jim-p         2011-05-18 11:57:21 -0400  677)                       $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);


> So, someone needs to change something in this block:-)
> 
> Plus - could the package maintainer keep up to date with the squid
> branch? It's lagging much behind.

Well there is no active maintainer of Squid 3. I poke at it now and then
when people submit patches, but I don't have any sort of focus on it, as
2.7.x does what I want and it's stable.

The current package is at 3.1.9 which is a couple months behind, but not
ancient. The FreeBSD port is up to 3.1.12. The tags are on the package
to build it automatically, but it may not be happening since the squid
2.7.x build is probably conflicting with it. If I get some time I may
compile a new copy in a VM and upload it, but it may not be any time soon.

I did find a couple things off in the xml for which files it was
pulling. I'll commit a fix here in a few. Try to reinstall it later today.

Jim
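
Added example, not part of the thread and not the code in squid.inc: a netmask-to-CIDR conversion for the `localnet` ACL discussed above, done by counting mask bits instead of the `log()` expression shown in the blame output, and skipping non-contiguous masks so a bad interface setting cannot widen the allowed source range. The function names and the sample interface list are assumptions.

```php
<?php
// Added example; function names are hypothetical, not from squid.inc.

// Dotted-quad netmask -> CIDR prefix length, or null if the mask is
// malformed or non-contiguous (e.g. 255.0.255.0).
function netmask_to_prefix($mask)
{
    if (filter_var($mask, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $bits = '';
    foreach (explode('.', $mask) as $octet) {
        $bits .= str_pad(decbin((int)$octet), 8, '0', STR_PAD_LEFT);
    }
    // A valid mask is a run of 1s followed only by 0s.
    return preg_match('/^1*0*$/', $bits) ? substr_count($bits, '1') : null;
}

// Build the "acl localnet src ..." line from [ip, netmask] pairs.
function build_localnet_acl(array $ifaces)
{
    $src = array();
    foreach ($ifaces as $iface) {
        list($ip, $mask) = $iface;
        $prefix = netmask_to_prefix($mask);
        $ip_ok = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
        if ($prefix === null || !$ip_ok) {
            continue; // skip the entry instead of emitting a wrong range
        }
        // Network address = ip AND mask, octet by octet.
        $m = explode('.', $mask);
        $net = array();
        foreach (explode('.', $ip) as $i => $octet) {
            $net[] = (int)$octet & (int)$m[$i];
        }
        $src[] = implode('.', $net) . '/' . $prefix;
    }
    return $src ? 'acl localnet src ' . implode(' ', $src) . "\n" : '';
}

// Constructed sample input; the third mask is non-contiguous.
$real_ifaces = array(
    array('192.168.1.1', '255.255.255.0'),
    array('10.20.30.40', '255.255.252.0'),
    array('172.16.0.1',  '255.0.255.0'),
);
echo build_localnet_acl($real_ifaces);
```

An empty return value means no usable interface was found, in which case the caller should not register `localnet` as a valid ACL.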
