author | jim-p <jimp@pfsense.org> | 2010-10-12 14:32:34 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-10-12 14:32:34 -0400 |
commit | 3583714f6c009e7f2cd4214883da669335194d5a (patch) | |
tree | 88d9375193f8908d224a441f564e3eb88fed4d9a | |
parent | 723138825d2ce62a0bb818e415166cf6d2316de0 (diff) | |
download | pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.tar.gz pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.tar.bz2 pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.zip |
Allow user to input destination bypasses for squid, which work like the source bypasses. Also allow users to enter IPs, hostnames, or aliases into these fields. Version bump for squid.
-rw-r--r-- | config/squid/squid.inc | 38 | ||||
-rw-r--r-- | config/squid/squid.xml | 12 | ||||
-rwxr-xr-x | pkg_config.7.xml | 2 | ||||
-rwxr-xr-x | pkg_config.8.xml | 2 | ||||
-rwxr-xr-x | pkg_config.8.xml.amd64 | 2 |
5 files changed, 46 insertions, 10 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index fded1f8b..238fd37c 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -344,13 +344,23 @@ function squid_validate_general($post, $input_errors) {
 if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) {
 $input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy.";
- }
+ }
+ if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) {
+ $input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy.";
+ }
 foreach (array('defined_ip_proxy_off') as $hosts) {
 foreach (explode(";", $post[$hosts]) as $host) {
 $host = trim($host);
- if (!empty($host) && !is_ipaddr($host))
- $input_errors[] = "The entry '$host' is not a valid IP address";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ }
+ }
+ foreach (array('defined_ip_proxy_off_dest') as $hosts) {
+ foreach (explode(";", $post[$hosts]) as $host) {
+ $host = trim($host);
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
 }
 }
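Review bot: The two validation loops at the end of this hunk differ only in the field name, so a single loop over `array('defined_ip_proxy_off', 'defined_ip_proxy_off_dest')` would keep the source and destination checks from drifting apart. The widened test also accepts anything `is_alias()` recognises; if that helper matches port or URL aliases as well as host and network ones (its definition is not visible here), such a name passes validation and is later written into an address position of a `no rdr` rule. The error message interpolates the raw `$host`, so it is worth confirming that `$input_errors` is HTML-escaped where it is rendered. The body of squid_validate_general starts and ends outside the hunk.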
@@ -1330,14 +1340,32 @@ function squid_generate_rules($type) {
 foreach ($defined_ip_proxy_off as $ip_proxy_off) {
 if(!empty($ip_proxy_off)) {
 $ip_proxy_off = trim($ip_proxy_off);
+ if (is_alias($ip_proxy_off))
+ $ip_proxy_off = '$'.$ip_proxy_off;
 $exempt_ip .= ", $ip_proxy_off";
 }
 }
 $exempt_ip = substr($exempt_ip,2);
 foreach ($ifaces as $iface) {
 $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+ $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+ $exempt_dest = "";
+ foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+ if(!empty($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = trim($ip_proxy_off_dest);
+ if (is_alias($ip_proxy_off_dest))
+ $ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
+ $exempt_dest .= ", $ip_proxy_off_dest";
+ }
+ }
+ $exempt_dest = substr($exempt_dest,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";
+ }
+ }
 foreach ($ifaces as $iface) {
 $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
 }
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index 91019bed..1f251eea 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
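Review bot: In the new destination block of squid_generate_rules the emptiness test runs before `trim()`, so a whitespace-only entry is appended as an empty list element; the validator accepts the tail of a value such as `192.0.2.1; ` (constructed example) because it trims first. A value made only of such entries produces `{  }` in the `no rdr` rule. Trimming first, `$ip_proxy_off_dest = trim($ip_proxy_off_dest);` then `if (!empty($ip_proxy_off_dest)) {`, and emitting the `no rdr` lines only when `$exempt_dest` is non-empty would avoid handing pf a malformed list; the source loop in the context lines above has the same ordering. Because hostnames are now accepted, a short comment should record that pf resolves names when the ruleset is loaded, so the bypass covers only the addresses the name had at that moment, and a name that fails to resolve can presumably make the load fail. The function starts and ends outside the hunk.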
@@ -177,10 +177,17 @@
 <field>
 <fielddescr>Bypass proxy for these source IPs</fielddescr>
 <fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these <b>source</b> IPs through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
+ <description>Do not forward traffic from these <b>source</b> IPs, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
 <type>input</type>
 <size>80</size>
- </field>
+ </field>
+ <field>
+ <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fieldname>defined_ip_proxy_off_dest</fieldname>
+ <description>Do not proxy traffic going to these <b>destination</b> IPs, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;).</description>
+ <type>input</type>
+ <size>80</size>
+ </field>
 <field>
 <fielddescr>Enabled logging</fielddescr>
 <fieldname>log_enabled</fieldname>
@@ -332,3 +339,4 @@
 </custom_php_deinstall_command>
 <filter_rules_needed>squid_generate_rules</filter_rules_needed>
 </packagegui>
+
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 2da67064..7c5123eb 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -770,7 +770,7 @@
 <descr>High performance web proxy cache.</descr>
 <website>http://www.squid-cache.org/</website>
 <category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
 <status>Stable</status>
 <required_version>1.2.1</required_version>
 <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ce2b817f..8eb39653 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -701,7 +701,7 @@
 <descr>High performance web proxy cache.</descr>
 <website>http://www.squid-cache.org/</website>
 <category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
 <status>Stable</status>
 <required_version>2</required_version>
 <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 98be97d8..60bdcd26 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -10,7 +10,7 @@
 <descr>High performance web proxy cache.</descr>
 <website>http://www.squid-cache.org/</website>
 <category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
 <status>Stable</status>
 <required_version>2</required_version>
 <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> |