Allow user to input destination bypasses for squid, which work like the source bypasses. Also allow users to enter IPs, hostnames, or aliases into these fields. Version bump for squid.

5 files changed, 46 insertions, 10 deletions

diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index fded1f8b..238fd37c 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -344,13 +344,23 @@ function squid_validate_general($post, $input_errors) {
 	
 	if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) {
 		$input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy.";
-	}	
+	}
+	if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) {
+		$input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy.";
+	}
 
 	foreach (array('defined_ip_proxy_off') as $hosts) {
 		foreach (explode(";", $post[$hosts]) as $host) {
 			$host = trim($host);
-			if (!empty($host) && !is_ipaddr($host))
-				$input_errors[] = "The entry '$host' is not a valid IP address";
+			if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+				$input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+		}
+	}
+	foreach (array('defined_ip_proxy_off_dest') as $hosts) {
+		foreach (explode(";", $post[$hosts]) as $host) {
+			$host = trim($host);
+			if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+				$input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
 		}
 	}
 
@@ -1330,14 +1340,32 @@ function squid_generate_rules($type) {
 				foreach ($defined_ip_proxy_off as $ip_proxy_off) {
 					if(!empty($ip_proxy_off)) {
 						$ip_proxy_off = trim($ip_proxy_off);
+						if (is_alias($ip_proxy_off))
+							$ip_proxy_off = '$'.$ip_proxy_off;
 						$exempt_ip .= ", $ip_proxy_off";
 					}
 				}
 				$exempt_ip = substr($exempt_ip,2);
 				foreach ($ifaces as $iface) {
 					$rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";         
-				}          
-			}     
+				}
+			}
+			if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+				$defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+				$exempt_dest = "";
+				foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+					if(!empty($ip_proxy_off_dest)) {
+						$ip_proxy_off_dest = trim($ip_proxy_off_dest);
+						if (is_alias($ip_proxy_off_dest))
+							$ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
+						$exempt_dest .= ", $ip_proxy_off_dest";
+					}
+				}
+				$exempt_dest = substr($exempt_dest,2);
+				foreach ($ifaces as $iface) {
+					$rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";         
+				}
+			}
 			foreach ($ifaces as $iface) {
 				$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
 			}
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index 91019bed..1f251eea 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
@@ -177,10 +177,17 @@
 		<field>
 			<fielddescr>Bypass proxy for these source IPs</fielddescr>
 			<fieldname>defined_ip_proxy_off</fieldname>
-			<description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
+			<description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
 			<type>input</type>
   		<size>80</size>
-		</field>		
+		</field>
+		<field>
+			<fielddescr>Bypass proxy for these destination IPs</fielddescr>
+			<fieldname>defined_ip_proxy_off_dest</fieldname>
+			<description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;).</description>
+			<type>input</type>
+		<size>80</size>
+		</field>
 		<field>
 			<fielddescr>Enabled logging</fielddescr>
 			<fieldname>log_enabled</fieldname>
@@ -332,3 +339,4 @@
 	</custom_php_deinstall_command>
 	<filter_rules_needed>squid_generate_rules</filter_rules_needed>
 </packagegui>
+
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 2da67064..7c5123eb 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -770,7 +770,7 @@
       <descr>High performance web proxy cache.</descr>
       <website>http://www.squid-cache.org/</website>
       <category>Network</category>
-      <version>2.7.9_3</version>
+      <version>2.7.9_4</version>
       <status>Stable</status>
       <required_version>1.2.1</required_version>
       <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ce2b817f..8eb39653 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -701,7 +701,7 @@
       <descr>High performance web proxy cache.</descr>
       <website>http://www.squid-cache.org/</website>
       <category>Network</category>
-      <version>2.7.9_3</version>
+      <version>2.7.9_4</version>
       <status>Stable</status>
       <required_version>2</required_version>
       <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 98be97d8..60bdcd26 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -10,7 +10,7 @@
 		<descr>High performance web proxy cache.</descr>
 		<website>http://www.squid-cache.org/</website>
 		<category>Network</category>
-		<version>2.7.9_3</version>
+		<version>2.7.9_4</version>
 		<status>Stable</status>
 		<required_version>2</required_version>
 		<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>