[61554] trunk/dports/net/squid3-devel/Portfile

snc at macports.org snc at macports.org
Mon Dec 14 11:49:50 PST 2009 

Revision: 61554
          http://trac.macports.org/changeset/61554
Author:   snc at macports.org
Date:     2009-12-14 11:49:47 -0800 (Mon, 14 Dec 2009)
Log Message:
-----------
add firewall rules to startup wrapper, add https variant dependency

Modified Paths:
--------------
    trunk/dports/net/squid3-devel/Portfile

Modified: trunk/dports/net/squid3-devel/Portfile
===================================================================
--- trunk/dports/net/squid3-devel/Portfile	2009-12-14 19:15:54 UTC (rev 61553)
+++ trunk/dports/net/squid3-devel/Portfile	2009-12-14 19:49:47 UTC (rev 61554)
@@ -68,14 +68,30 @@
 
 startupitem.create      yes
 startupitem.name        Squid
+set start_extra ""
+set stop_extra ""
+# this will insert firewall rules to force a specific user to use squid for their connections
+# this implementation will only impact rule numbers 100 and 101.
+# A user may be matched by name or identification number.
+# you will not want to force squid to use itself (infinite loop)
+if {[variant_isset ipfw_transparent]} {
+    append start_extra "ipfw add 100 fwd 127.0.0.1,3128 tcp from any to any 80 uid 502\n"
+    append stop_extra "ipfw delete 100\n"
+}
+if {[variant_isset https]} {
+    append start_extra "ipfw add 101 fwd 127.0.0.1,3129 tcp from any to any 443 uid 502\n"
+    append stop_extra "ipfw delete 101\n"
+}
 startupitem.start \
     "cd ${prefix}/var/squid" \
     "if \[ ! -d \"${prefix}/var/squid/cache/00\" \]; then" \
     "\tsu -fm root -c \"exec ${prefix}/sbin/squid -s -z\"" \
     "fi" \
+    $start_extra \
     "su -fm root -c \"exec ${prefix}/sbin/squid -s\""
 startupitem.stop \
     "cd ${prefix}/var/squid" \
+    $stop_extra \
     "su -fm root -c \"exec ${prefix}/sbin/squid -k shutdown\""
 
 pre-destroot {
@@ -136,7 +152,7 @@
     configure.args-append   --enable-ipfw-transparent
 }
 
-variant https description "Enable https client requests" {
+variant https requires ipfw_transparent description "Enable https client requests" {
     configure.args-append   --enable-ssl
     depends_run-append  port:curl-ca-bundle
 }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20091214/a8959c40/attachment.html>

More information about the macports-changes mailing list