Here are the 2 template fragments that I added to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
[root@router masq]# more 35transproxy
{
my ($network, $broadcast) =
esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination $LocalIP 80\n";
$OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= "/sbin/ipchains --append input -j REDIRECT 8080 -p tcp ";
$OUT .= "--source $network/$LocalNetmask --destination 0.0.0.0/0 80\n";
local %networks;
tie %networks, 'esmith::config', '/home/e-smith/networks';
foreach my $network (keys %networks)
{
my ($type, %properties) = db_get(\%networks, $network);
if ($type eq 'network')
{
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--source $key/$properties{'Mask'} ";
$OUT .= "--destination $LocalIP 80\n";
$OUT .= " /sbin/ipchains --append input -j ACCEPT -p tcp ";
$OUT .= "--destination 127.0.0.1 80\n";
$OUT .= " /sbin/ipchains --append input -j REDIRECT 8080 ";
$OUT .= "-p tcp --source $key/$properties{'Mask'} ";
$OUT .= "--destination 0.0.0.0/0 80\n";
}
}
}
[root@router masq]# more 45DenyDansguardian
{
local %services = ( dansguardian => $dansguardian );
if ( db_get_prop(\%services, 'dansguardian', 'status') eq 'enabled' )
{
$OUT .= <<'HERE';
/sbin/ipchains --append input -p tcp -y -s 0/0 -d $OUTERNET 8080 -j denylog
HERE
}
}
I also added the following line in: /home/e-smith/configuration
dansguardian=service|InitscriptOrder|92|status|enabled
and finally added the following link in: /etc/rc7.d
ln -s /etc/rc.d/init.d/dansguardian S92dansguardian
Everything else was done automatically buy the RPM. Of course you still need to configure /etc/dansguardian/dansguardian.conf to you taste.