www/squid: reconsider enabling all options

Nick Rogers ncrogers at gmail.com
Mon Apr 25 22:32:25 UTC 2016


I just recompiled my www/squid port to the latest 3.5.17 version. Prior to
this I was running 3.5.14. I immediately noticed that my transparent proxy
setup via PF was broken and throwing a "Forwarding loop detected" error in
the logs.

I then noticed the following recent commit which enables all options/knobs
that do not require dependencies:

This change enables the ipf-transparent (TP_IP), ipfw-transparent (TP_IPF),
and pf-transparent (TP_PF) options at the same time, and turned out to be
the root of my "redirection loop" problem.

I am unclear why, but in my experience these options have always been
incompatible with each other, which is why in previous versions of the
www/squid port and its prior iterations these knobs have always been
disabled by default. I've always explicitly enabled TP_PF in my make.conf.

I was able to fix my issue by recompiling without the TP_IP and TP_IPF
options, but I believe more thought/discussion should be given to all the
new options that are now enabled by default in the port.



More information about the freebsd-ports mailing list