Diffstat (limited to 'config/squid')
-rw-r--r-- | config/squid/squid.inc | 60 | ||||
-rw-r--r-- | config/squid/squid_nac.xml | 4 |
2 files changed, 38 insertions, 26 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index ed610205..113bc09f 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -1221,30 +1221,36 @@ function squid_generate_rules($type) {
 switch($type) {
 case 'nat':
 $rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
- }
- }
-
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if(!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- $exempt_ip .= ", $ip_proxy_off";
- }
- }
- $exempt_ip = substr($exempt_ip,2);
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
-
- foreach ($ifaces as $iface){
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($ifaces as $iface){
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if(!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
+ }
+ }
+ foreach ($ifaces as $iface) {
 $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
- };
+ }
+ /* Handle PPPOE case */
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "rdr on \$pppoe proto tcp from any to !(\$pppoe) port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPTP case */
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "rdr on \$pptp proto tcp from any to !(\$pptp) port 80 -> 127.0.0.1 port 80\n";
+ }
 $rules .= "\n";
 break;
 case 'filter':
@@ -1253,7 +1259,13 @@ function squid_generate_rules($type) {
 $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
 $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
 $rules .= "\n";
- };
+ };
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "pass in quick on \$pppoe proto tcp from any to !(\$pppoe) port $port flags S/SA keep state\n";
+ }
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "pass in quick on \$pptp proto tcp from any to !(\$pptp) port $port flags S/SA keep state\n";
+ }
 break;
 default:
 break;
diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml
index e0489f8e..a61471ec 100644
--- a/config/squid/squid_nac.xml
+++ b/config/squid/squid_nac.xml
@@ -111,7 +111,7 @@
 <field>
 <fielddescr>Whitelist</fielddescr>
 <fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows>
@@ -120,7 +120,7 @@
 <field>
 <fielddescr>Blacklist</fielddescr>
 <fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows> |
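Review bot: The PPPoE guard added under `/* Handle PPPOE case */` tests `$config['pppoe']['mode'] == "off"`, so the `rdr on $pppoe` rule is written only when PPPoE is disabled, while the PPTP guard right below it uses `!= "off"`. The comparison looks inverted and should probably read `if ($config['pppoe']['mode'] != "off") {`; the same test is repeated in the 'filter' hunk for the `pass in quick on $pppoe` rule. As written, PPPoE clients would presumably not be redirected to the proxy when the service is on, and a rule naming the `$pppoe` macro is emitted when it is off, which may stop the ruleset from loading if that macro is then undefined. The `no rdr` exemptions above are also generated only for `$ifaces`, so the private-subnet and exempt-IP settings do not apply to PPPoE or PPTP traffic. The function body starts outside the hunk, so whether `$config` is declared `global` there cannot be confirmed from here.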
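Review bot: The two added `pass in quick` rules for `$pppoe` and `$pptp` cover only `$port`, whereas the per-interface rules just above also pass port 80, which the 'nat' case redirects to 127.0.0.1 port 80 on these same interfaces. If the port-80 pass rule is needed for `$iface` it is presumably needed here too, e.g. `$rules .= "pass in quick on \$pptp proto tcp from any to !(\$pptp) port 80 flags S/SA keep state\n";` plus the `$pppoe` equivalent. A short comment such as `/* Handle PPPOE and PPTP clients */` would match the comments added in the 'nat' case. The enclosing loop and function start outside the hunk, so how `$port` is set cannot be checked from here.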