diff options
| author | jim-p <jimp@pfsense.org> | 2010-10-12 14:32:34 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-10-12 14:32:34 -0400 |
| commit | 3583714f6c009e7f2cd4214883da669335194d5a (patch) | |
| tree | 88d9375193f8908d224a441f564e3eb88fed4d9a /config/squid/squid.inc | |
| parent | 723138825d2ce62a0bb818e415166cf6d2316de0 (diff) | |
| download | pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.tar.gz pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.tar.bz2 pfsense-packages-3583714f6c009e7f2cd4214883da669335194d5a.zip | |
Allow user to input destination bypasses for squid, which work like the source bypasses. Also allow users to enter IPs, hostnames, or aliases into these fields. Version bump for squid.
Diffstat (limited to 'config/squid/squid.inc')
| -rw-r--r-- | config/squid/squid.inc | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc index fded1f8b..238fd37c 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -344,13 +344,23 @@ function squid_validate_general($post, $input_errors) { if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) { $input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy."; - } + } + if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) { + $input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy."; + } foreach (array('defined_ip_proxy_off') as $hosts) { foreach (explode(";", $post[$hosts]) as $host) { $host = trim($host); - if (!empty($host) && !is_ipaddr($host)) - $input_errors[] = "The entry '$host' is not a valid IP address"; + if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host)) + $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias"; + } + } + foreach (array('defined_ip_proxy_off_dest') as $hosts) { + foreach (explode(";", $post[$hosts]) as $host) { + $host = trim($host); + if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host)) + $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias"; } } @@ -1330,14 +1340,32 @@ function squid_generate_rules($type) { foreach ($defined_ip_proxy_off as $ip_proxy_off) { if(!empty($ip_proxy_off)) { $ip_proxy_off = trim($ip_proxy_off); + if (is_alias($ip_proxy_off)) + $ip_proxy_off = '$'.$ip_proxy_off; $exempt_ip .= ", $ip_proxy_off"; } } $exempt_ip = substr($exempt_ip,2); foreach ($ifaces as $iface) { $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n"; - } - } + } + } + if (!empty($squid_conf['defined_ip_proxy_off_dest'])) { + $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']); + $exempt_dest = ""; + foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) { + if(!empty($ip_proxy_off_dest)) { + $ip_proxy_off_dest = trim($ip_proxy_off_dest); + if (is_alias($ip_proxy_off_dest)) + $ip_proxy_off_dest = '$'.$ip_proxy_off_dest; + $exempt_dest .= ", $ip_proxy_off_dest"; + } + } + $exempt_dest = substr($exempt_dest,2); + foreach ($ifaces as $iface) { + $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n"; + } + } foreach ($ifaces as $iface) { $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n"; } |