####### Squid ######
### arranged by baratev
20:21 16/02/2008


### Opsi Tuning Squid
refresh_pattern -i \.(swf|png|jpg|jpeg|bmp|tiff|png|gif) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(mov|mpg|mpeg|flv|avi|mp3|3gp|sis|wma) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i \.(zip|rar|ace|bz|bz2|tar|gz|exe) 43200 90% 129600 reload-into-ims override-lastmod
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp) 43200 90% 1440 reload-into-ims override-lastmod
refresh_pattern ^http://*.google.*/.*                   720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*korea.*/.*                     720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.akamai.*/.*                   720   100% 4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.windowsmedia.*/.*             720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.googlesyndication.*/.*        720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.plasa.*/.*                    720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.telkom.*/.*                   720   100%  4320 reload-into-ims override-lastmod
refresh_pattern ^http://www.friendster.com/.*           720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://mail.yahoo.com/.*               720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yahoo.*/.*                    720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.yimg.*/.*                     720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.gmail.*/.*                    720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^http://*.detik.*/.*                    720   100%   4320 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 43200 90% 129600 reload-into-ims override-expire
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod


### firewall tambahan di proxy

#testing

/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 12 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 12 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 12 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 12 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 16 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 16 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 16 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 16 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 17 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 17 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 17 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 17 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 12:20 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 12:20 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 12:20 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 12:20 -j REJECT

/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 110 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 110 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 110 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 110 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 25 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 25 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 25 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 25 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 123 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 123 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 123 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 123 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 24 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 24 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 23 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 192.168.0.0/32 -d 0/0 –destination-port 23 -j REJECT

/sbin/iptables -N syn-flood
/sbin/iptables -A INPUT -i input_interface -p tcp –syn -j syn-flood
/sbin/iptables -A syn-flood -m limit –limit 1/s –limit-burst 4 -j RETURN
/sbin/iptables -A syn-flood -j DROP

/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 199 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 –destination-port 199 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 199 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 –destination-port 199 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 119 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 –destination-port 119 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 119 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 –destination-port 119 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 111 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 –destination-port 111 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 111 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 –destination-port 111 -j REJECT
/sbin/iptables -I INPUT -p tcp -s 0/0 -d 0/0 –destination-port 411 -j DROP
/sbin/iptables -I INPUT -p udp -s 0/0 -d 0/0 –destination-port 411 -j DROP
/sbin/iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 67:68 -j REJECT
/sbin/iptables -A FORWARD -p udp -s 0/0 -d 0/0 –destination-port 67:68 -j REJECT