squid3 - change Unrestricted IPs and Banned host addresses check to allow CIDR networks

4 files changed, 16 insertions, 8 deletions

diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc
index 51e5892c..e00da80c 100644
--- a/config/squid-reverse/squid.inc
+++ b/config/squid-reverse/squid.inc
@@ -492,10 +492,18 @@ function squid_validate_nac($post, $input_errors) {
 	}
 
 	foreach (array(	'unrestricted_hosts', 'banned_hosts') as $hosts) {
-		foreach (explode("\n", $post[$hosts]) as $host) {
-			$host = trim($host);
-			if (!empty($host) && !is_ipaddr($host))
-				$input_errors[] = "The host '$host' is not a valid IP address";
+		
+		if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@",$_POST[$hosts],$matches)){
+			for ($x=0;$x < count($matches[1]);$x++){
+				if ($matches[2][$x] == ""){
+					if (!is_ipaddr($matches[1][$x]))
+						$input_errors[] = "'{$matches[1][$x]}' is not a valid IP address";
+					}
+				else{
+					if (!is_subnet($matches[0][$x]))
+						$input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range";
+					}
+				}
 		}
 	}
 
diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml
index 9371a0ba..bc4a278e 100644
--- a/config/squid-reverse/squid_nac.xml
+++ b/config/squid-reverse/squid_nac.xml
@@ -105,7 +105,7 @@
 		<field>
 			<fielddescr>Unrestricted IPs</fielddescr>
 			<fieldname>unrestricted_hosts</fieldname>
-			<description>Enter each unrestricted IP address on a new line that is not to be filtered out by the other access control directives set in this page.</description>
+			<description>Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page.</description>
 			<type>textarea</type>
 			<cols>50</cols>
 			<rows>5</rows>
@@ -114,7 +114,7 @@
 		<field>
 			<fielddescr>Banned host addresses</fielddescr>
 			<fieldname>banned_hosts</fieldname>
-			<description>Enter each IP address on a new line that is not to be allowed to use the proxy.</description>
+			<description>Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy.</description>
 			<type>textarea</type>
 			<cols>50</cols>
 			<rows>5</rows>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index e1a565c7..44b49a41 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1181,7 +1181,7 @@
 		<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
 		<website>http://www.squid-cache.org/</website>
 		<category>Network</category>
-		<version>3.1.20 pkg 2.0.5_2</version>
+		<version>3.1.20 pkg 2.0.5_3</version>
 		<status>beta</status>
 		<required_version>2.0</required_version>
 		<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 78b1d1fa..b833cb14 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1168,7 +1168,7 @@
 		<pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
 		<website>http://www.squid-cache.org/</website>
 		<category>Network</category>
-		<version>3.1.20 pkg 2.0.5_2</version>
+		<version>3.1.20 pkg 2.0.5_3</version>
 		<status>beta</status>
 		<required_version>2.0</required_version>
 		<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>