authorjim-p <jimp@pfsense.org>2010-10-12 14:32:34 -0400
committerjim-p <jimp@pfsense.org>2010-10-12 14:32:34 -0400
commit3583714f6c009e7f2cd4214883da669335194d5a (patch)
tree88d9375193f8908d224a441f564e3eb88fed4d9a /config
parent723138825d2ce62a0bb818e415166cf6d2316de0 (diff)
Allow user to input destination bypasses for squid, which work like the source bypasses. Also allow users to enter IPs, hostnames, or aliases into these fields. Version bump for squid.
Diffstat (limited to 'config')
-rw-r--r--config/squid/squid.inc38
-rw-r--r--config/squid/squid.xml12
2 files changed, 43 insertions, 7 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index fded1f8b..238fd37c 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -344,13 +344,23 @@ function squid_validate_general($post, $input_errors) {
if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) {
$input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy.";
- }
+ }
+ if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) {
+ $input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy.";
+ }
foreach (array('defined_ip_proxy_off') as $hosts) {
foreach (explode(";", $post[$hosts]) as $host) {
$host = trim($host);
- if (!empty($host) && !is_ipaddr($host))
- $input_errors[] = "The entry '$host' is not a valid IP address";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ }
+ }
+ foreach (array('defined_ip_proxy_off_dest') as $hosts) {
+ foreach (explode(";", $post[$hosts]) as $host) {
+ $host = trim($host);
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
}
}
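Review bot: The second validation loop added for `defined_ip_proxy_off_dest` is a line-for-line copy of the first, although the outer `foreach` already iterates an array of field names. A single loop covers both fields: `foreach (array('defined_ip_proxy_off', 'defined_ip_proxy_off_dest') as $hosts) {`. Separately, the error text interpolates the raw `$host` taken from `$post`; whether `$input_errors` is HTML-escaped when rendered is not visible in this hunk, so that is worth confirming before relying on it. squid_validate_general starts and ends outside the hunk.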
@@ -1330,14 +1340,32 @@ function squid_generate_rules($type) {
foreach ($defined_ip_proxy_off as $ip_proxy_off) {
if(!empty($ip_proxy_off)) {
$ip_proxy_off = trim($ip_proxy_off);
+ if (is_alias($ip_proxy_off))
+ $ip_proxy_off = '$'.$ip_proxy_off;
$exempt_ip .= ", $ip_proxy_off";
}
}
$exempt_ip = substr($exempt_ip,2);
foreach ($ifaces as $iface) {
$rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+ $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+ $exempt_dest = "";
+ foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+ if(!empty($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = trim($ip_proxy_off_dest);
+ if (is_alias($ip_proxy_off_dest))
+ $ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
+ $exempt_dest .= ", $ip_proxy_off_dest";
+ }
+ }
+ $exempt_dest = substr($exempt_dest,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";
+ }
+ }
foreach ($ifaces as $iface) {
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
}
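Review bot: The new destination loop tests `!empty($ip_proxy_off_dest)` before calling `trim()`, so a whitespace-only entry (for example the tail of a value ending in `; `) passes the test, trims to an empty string, and is appended as an empty member of `{ $exempt_dest }`, which pf may reject when the ruleset is loaded. The form validation trims first and then skips empties, so it does not stop such a value from being saved. Trimming first fixes this: `$ip_proxy_off_dest = trim($ip_proxy_off_dest);` followed by `if ($ip_proxy_off_dest == '') continue;`; the source loop in the context lines above has the same ordering. Since these strings are written verbatim into the filter rules, I would also re-check each entry with `is_ipaddr()`/`is_alias()`/`is_hostname()` here and skip the `no rdr` line when `$exempt_dest` ends up empty. squid_generate_rules starts and ends outside the hunk.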
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index 91019bed..1f251eea 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
@@ -177,10 +177,17 @@
<field>
<fielddescr>Bypass proxy for these source IPs</fielddescr>
<fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
+ <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
<type>input</type>
<size>80</size>
- </field>
+ </field>
+ <field>
+ <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fieldname>defined_ip_proxy_off_dest</fieldname>
+ <description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;).</description>
+ <type>input</type>
+ <size>80</size>
+ </field>
<field>
<fielddescr>Enabled logging</fielddescr>
<fieldname>log_enabled</fieldname>
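Review bot: The description for `defined_ip_proxy_off_dest` does not say how hostname entries behave once they are written into the filter rules. pf normally resolves a hostname in a rule when the ruleset is loaded, so the bypass would cover only the addresses DNS returned at that moment and would not follow later changes. Whoever controls that DNS answer also influences which destinations skip the proxy. I would add a sentence to both bypass descriptions, such as `Hostnames are resolved when the filter rules are loaded; use IPs or aliases where the bypass must be exact.`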
@@ -332,3 +339,4 @@
</custom_php_deinstall_command>
<filter_rules_needed>squid_generate_rules</filter_rules_needed>
</packagegui>
+