aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-11-18 00:42:29 -0600
committerChris Buechler <cmb@pfsense.org>2015-11-18 00:42:29 -0600
commit5f7814e7cb05beb4603ae676b1623ff0b2b04184 (patch)
tree8ce72e25e8a1bb3e84d57ed429d83b6c14c17e0f /config
parent0251c7a9d9a32aa52948689c9ce9fd747e5c66fa (diff)
parenta68f8ae65145133667bff837dd83bebfe5dc5cb2 (diff)
downloadpfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.tar.gz
pfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.tar.bz2
pfsense-packages-5f7814e7cb05beb4603ae676b1623ff0b2b04184.zip
Merge pull request #1181 from doktornotor/patch-8
Diffstat (limited to 'config')
-rwxr-xr-xconfig/squid3/34/squid.inc22
1 files changed, 14 insertions, 8 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index aee85bcd..b7eb9889 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -41,12 +41,6 @@ require_once('service-utils.inc');
if (!function_exists("filter_configure")) {
require_once("filter.inc");
}
-/* Squid reverse proxy */
-require_once('/usr/local/pkg/squid_reverse.inc');
-/* Squid javascript helpers */
-require_once('/usr/local/pkg/squid_js.inc');
-/* Squid antivirus intergration features helpers */
-require_once('/usr/local/pkg/squid_antivirus.inc');
$shortcut_section = "squid";
@@ -77,6 +71,13 @@ if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '250M');
}
+/* Squid reverse proxy */
+require_once('/usr/local/pkg/squid_reverse.inc');
+/* Squid javascript helpers */
+require_once('/usr/local/pkg/squid_js.inc');
+/* Squid antivirus intergration features helpers */
+require_once('/usr/local/pkg/squid_antivirus.inc');
+
/*
* Utility functions
*/
@@ -1222,9 +1223,14 @@ EOD;
foreach ($real_ifaces as $iface) {
list($ip, $mask) = $iface;
$ip = long2ip(ip2long($ip) & ip2long($mask));
- $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
+ $mask = 32 - log((ip2long($mask) ^ ip2long('255.255.255.255')) +1, 2);
if (!preg_match("@$ip/$mask@", $src)) {
- $src .= " $ip/$mask";
+ // XXX: Do not add invalid subnets (Bug #4331, Bug #4526)
+ if (is_subnet("{$ip}/{$mask}")) {
+ $src .= " $ip/$mask";
+ } else {
+ log_error("[squid] 'Allow Users on Interface' ACL skipped for '{$ip}/{$mask}' since it is not a valid subnet.");
+ }
}
}
$conf .= "# Allow local network(s) on interface(s)\n";