diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-11-18 00:42:29 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-11-18 00:42:29 -0600 |
commit | 5f7814e7cb05beb4603ae676b1623ff0b2b04184 (patch) | |
tree | 8ce72e25e8a1bb3e84d57ed429d83b6c14c17e0f /config | |
parent | 0251c7a9d9a32aa52948689c9ce9fd747e5c66fa (diff) | |
parent | a68f8ae65145133667bff837dd83bebfe5dc5cb2 (diff) | |
download | pfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.tar.gz pfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.tar.bz2 pfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.zip |
Merge pull request #1181 from doktornotor/patch-8
Diffstat (limited to 'config')
-rwxr-xr-x | config/squid3/34/squid.inc | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index aee85bcd..b7eb9889 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -41,12 +41,6 @@ require_once('service-utils.inc'); if (!function_exists("filter_configure")) { require_once("filter.inc"); } -/* Squid reverse proxy */ -require_once('/usr/local/pkg/squid_reverse.inc'); -/* Squid javascript helpers */ -require_once('/usr/local/pkg/squid_js.inc'); -/* Squid antivirus intergration features helpers */ -require_once('/usr/local/pkg/squid_antivirus.inc'); $shortcut_section = "squid"; @@ -77,6 +71,13 @@ if ($uname['machine'] == 'amd64') { ini_set('memory_limit', '250M'); } +/* Squid reverse proxy */ +require_once('/usr/local/pkg/squid_reverse.inc'); +/* Squid javascript helpers */ +require_once('/usr/local/pkg/squid_js.inc'); +/* Squid antivirus intergration features helpers */ +require_once('/usr/local/pkg/squid_antivirus.inc'); + /* * Utility functions */ @@ -1222,9 +1223,14 @@ EOD; foreach ($real_ifaces as $iface) { list($ip, $mask) = $iface; $ip = long2ip(ip2long($ip) & ip2long($mask)); - $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2); + $mask = 32 - log((ip2long($mask) ^ ip2long('255.255.255.255')) +1, 2); if (!preg_match("@$ip/$mask@", $src)) { - $src .= " $ip/$mask"; + // XXX: Do not add invalid subnets (Bug #4331, Bug #4526) + if (is_subnet("{$ip}/{$mask}")) { + $src .= " $ip/$mask"; + } else { + log_error("[squid] 'Allow Users on Interface' ACL skipped for '{$ip}/{$mask}' since it is not a valid subnet."); + } } } $conf .= "# Allow local network(s) on interface(s)\n"; |