diff options
| author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-07-11 16:42:41 -0300 |
|---|---|---|
| committer | marcelloc <marcellocoutinho@gmail.com> | 2012-07-11 16:42:41 -0300 |
| commit | 5a519f7e667fea73434b3c1433f8c8ba1fe66eae (patch) | |
| tree | c9d4d1ad99f30447adf00de9f0eab508cdd1e98a /config | |
| parent | 338d3bf70dceac5baa0cd2eab68d8a4db256483a (diff) | |
| download | pfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.tar.gz pfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.tar.bz2 pfsense-packages-5a519f7e667fea73434b3c1433f8c8ba1fe66eae.zip | |
squid3 - change Unrestricted IPs and Banned host addresses check to allow CIDR networks
Diffstat (limited to 'config')
| -rw-r--r-- | config/squid-reverse/squid.inc | 16 | ||||
| -rw-r--r-- | config/squid-reverse/squid_nac.xml | 4 |
2 files changed, 14 insertions, 6 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 51e5892c..e00da80c 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -492,10 +492,18 @@ function squid_validate_nac($post, $input_errors) { } foreach (array( 'unrestricted_hosts', 'banned_hosts') as $hosts) { - foreach (explode("\n", $post[$hosts]) as $host) { - $host = trim($host); - if (!empty($host) && !is_ipaddr($host)) - $input_errors[] = "The host '$host' is not a valid IP address"; + + if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@",$_POST[$hosts],$matches)){ + for ($x=0;$x < count($matches[1]);$x++){ + if ($matches[2][$x] == ""){ + if (!is_ipaddr($matches[1][$x])) + $input_errors[] = "'{$matches[1][$x]}' is not a valid IP address"; + } + else{ + if (!is_subnet($matches[0][$x])) + $input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range"; + } + } } } diff --git a/config/squid-reverse/squid_nac.xml b/config/squid-reverse/squid_nac.xml index 9371a0ba..bc4a278e 100644 --- a/config/squid-reverse/squid_nac.xml +++ b/config/squid-reverse/squid_nac.xml @@ -105,7 +105,7 @@ <field> <fielddescr>Unrestricted IPs</fielddescr> <fieldname>unrestricted_hosts</fieldname> - <description>Enter each unrestricted IP address on a new line that is not to be filtered out by the other access control directives set in this page.</description> + <description>Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page.</description> <type>textarea</type> <cols>50</cols> <rows>5</rows> @@ -114,7 +114,7 @@ <field> <fielddescr>Banned host addresses</fielddescr> <fieldname>banned_hosts</fieldname> - <description>Enter each IP address on a new line that is not to be allowed to use the proxy.</description> + <description>Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy.</description> <type>textarea</type> <cols>50</cols> <rows>5</rows> |