Added basic squid installation

2024-08-27 09:44:36 +03:00 · 2024-08-27 09:44:36 +03:00 · ab0074c0a4
commit ab0074c0a4
parent 179dcada66
4 changed files with 78 additions and 0 deletions
--- a/disable-rp-filter.sh
+++ b/disable-rp-filter.sh
@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+sysctl -a|grep \.rp_filter|gawk '{print $1}' |xargs -I{} sysctl -w {}=0
--- a/install-ngtech-squid.sh
+++ b/install-ngtech-squid.sh
@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+dnf module disable squid -y
+
+cat <<EOF > /etc/yum.repos.d/ngtech-squid.repo
+[ngtech-squid]
+name=Rocky Linux \$releasever - NgTech Squid Repo
+#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=\$basearch&repo=BaseOS-\$releasever
+baseurl=https://www.ngtech.co.il/repo/rocky/\$releasever/\$basearch/
+gpgcheck=0
+enabled=1
+countme=1
+EOF
+
+dnf check-update
+
+dnf install -y squid squid-helpers
+
+dnf install -y epel-release
+
+crb enable
+
+dnf install -y epel-release
+
+dnf install -y iptstate atop htop conntrack-tools curl jq wget iptables-services iptables-utils \
+	tcpdump 
+
+systemctl disable firewalld --now
+
+cp -vf rules.v4 /etc/sysconfig/iptables
+cp -vf rules.v6 /etc/sysconfig/ip6tables
+
+
+systemctl start iptables
+systemctl start ip6tables
+
+systemctl enable iptables
+systemctl enable ip6tables
--- a/rules.v4
+++ b/rules.v4
--- a/rules.v6
+++ b/rules.v6
@ -0,0 +1,37 @@
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*filter
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*security
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*raw
+:PREROUTING ACCEPT [9:758]
+:OUTPUT ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*mangle
+:PREROUTING ACCEPT [9:758]
+:INPUT ACCEPT [9:758]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:608]
+:POSTROUTING ACCEPT [9:608]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Tue Aug 27 02:40:47 2024