-rw-r--r--config/squid/squid.inc38
-rw-r--r--config/squid/squid.xml12
-rwxr-xr-xpkg_config.7.xml2
-rwxr-xr-xpkg_config.8.xml2
-rwxr-xr-xpkg_config.8.xml.amd642
5 files changed, 46 insertions, 10 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index fded1f8b..238fd37c 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -344,13 +344,23 @@ function squid_validate_general($post, $input_errors) {
if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off'])) {
$input_errors[] = "You can not bypass traffic from specific IPs without using the transparent proxy.";
- }
+ }
+ if (($post['transparent_proxy'] != 'on') && !empty($post['defined_ip_proxy_off_dest'])) {
+ $input_errors[] = "You can not bypass traffic to specific IPs without using the transparent proxy.";
+ }
foreach (array('defined_ip_proxy_off') as $hosts) {
foreach (explode(";", $post[$hosts]) as $host) {
$host = trim($host);
- if (!empty($host) && !is_ipaddr($host))
- $input_errors[] = "The entry '$host' is not a valid IP address";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ }
+ }
+ foreach (array('defined_ip_proxy_off_dest') as $hosts) {
+ foreach (explode(";", $post[$hosts]) as $host) {
+ $host = trim($host);
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host))
+ $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
}
}
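Review bot: The new checks on `defined_ip_proxy_off` and `defined_ip_proxy_off_dest` let through anything `is_hostname()` or `is_alias()` accepts, and the second hunk writes those values unchanged into a pf `no rdr` host list. pf resolves a hostname when the ruleset is loaded, so a name that does not resolve at that moment can keep the ruleset from loading, and the bypass stays tied to whatever DNS answered then. Consider rejecting hostnames here (removing the `&& !is_hostname($host)` clause) or stating that behaviour in the field description. `is_alias()` is defined outside this diff, so it is worth confirming that it does not accept port-type aliases, which are not valid in a host position. The two loops are identical, so `foreach (array('defined_ip_proxy_off', 'defined_ip_proxy_off_dest') as $hosts)` would cover both fields with one body; squid_validate_general continues outside the hunk.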
@@ -1330,14 +1340,32 @@ function squid_generate_rules($type) {
foreach ($defined_ip_proxy_off as $ip_proxy_off) {
if(!empty($ip_proxy_off)) {
$ip_proxy_off = trim($ip_proxy_off);
+ if (is_alias($ip_proxy_off))
+ $ip_proxy_off = '$'.$ip_proxy_off;
$exempt_ip .= ", $ip_proxy_off";
}
}
$exempt_ip = substr($exempt_ip,2);
foreach ($ifaces as $iface) {
$rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+ $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+ $exempt_dest = "";
+ foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+ if(!empty($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = trim($ip_proxy_off_dest);
+ if (is_alias($ip_proxy_off_dest))
+ $ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
+ $exempt_dest .= ", $ip_proxy_off_dest";
+ }
+ }
+ $exempt_dest = substr($exempt_dest,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";
+ }
+ }
foreach ($ifaces as $iface) {
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
}
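Review bot: In the new `defined_ip_proxy_off_dest` branch the `!empty()` test runs before `trim()`, so a whitespace-only entry such as the middle one in `a; ;b` passes the validator (which trims first) and is appended as an empty list member. A value made only of separators leaves `$exempt_dest` empty and emits `{  }`. Either form is likely to be rejected by pf when the ruleset is loaded, which on a firewall means the generated rules do not take effect. Trim first, skip empty entries, and emit the `no rdr` line only when at least one entry remains; the source-side loop at the top of the hunk has the same ordering. squid_generate_rules starts and ends outside the hunk.

```php
if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
	$exempt_dest = array();
	foreach (explode(";", $squid_conf['defined_ip_proxy_off_dest']) as $ip_proxy_off_dest) {
		// Trim before testing, so " " is dropped instead of becoming an empty list member.
		$ip_proxy_off_dest = trim($ip_proxy_off_dest);
		if ($ip_proxy_off_dest === '')
			continue;
		if (is_alias($ip_proxy_off_dest))
			$ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
		$exempt_dest[] = $ip_proxy_off_dest;
	}
	// Only emit the exemption when something is left to exempt.
	if (!empty($exempt_dest)) {
		$exempt_dest = implode(", ", $exempt_dest);
		foreach ($ifaces as $iface) {
			$rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port 80\n";
		}
	}
}
// … unchanged: final rdr rule per interface …
```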
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index 91019bed..1f251eea 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
@@ -177,10 +177,17 @@
<field>
<fielddescr>Bypass proxy for these source IPs</fielddescr>
<fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
+ <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;).</description>
<type>input</type>
<size>80</size>
- </field>
+ </field>
+ <field>
+ <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fieldname>defined_ip_proxy_off_dest</fieldname>
+ <description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;).</description>
+ <type>input</type>
+ <size>80</size>
+ </field>
<field>
<fielddescr>Enabled logging</fielddescr>
<fieldname>log_enabled</fieldname>
@@ -332,3 +339,4 @@
</custom_php_deinstall_command>
<filter_rules_needed>squid_generate_rules</filter_rules_needed>
</packagegui>
+
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 2da67064..7c5123eb 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -770,7 +770,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
<status>Stable</status>
<required_version>1.2.1</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ce2b817f..8eb39653 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -701,7 +701,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
<status>Stable</status>
<required_version>2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 98be97d8..60bdcd26 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -10,7 +10,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9_3</version>
+ <version>2.7.9_4</version>
<status>Stable</status>
<required_version>2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>