squid: Exclude OpenVPN remote subnets from transparent proxy

Message ID 1529416385-19921-1-git-send-email-erik.kapfer@ipfire.org
State Dropped
Series squid: Exclude OpenVPN remote subnets from transparent proxy |

Commit Message

Erik Kapfer June 19, 2018, 11:53 p.m. UTC
  Fix for bug #11614
Some cosmetic changes have also been made in the IPSec subnet exclusion section.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
 src/initscripts/system/squid | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
  

Patch

diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
index 7255c0a..9c11255 100644
--- a/src/initscripts/system/squid
+++ b/src/initscripts/system/squid
@@ -25,17 +25,23 @@  transparent() {
 			exit 1
 		fi
 
-		COUNT=1
-		FILE=/var/ipfire/vpn/config
+		# Exclude IPSec N2N remote subnets from transparent proxy
+		while read IPSECREMOTESUBNET; do
+			CONN_TYPE=$(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $5 }')
+			if [ "$CONN_TYPE" != "net" ]; then
+				continue
+			fi
+			iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN
+		done < /var/ipfire/vpn/config
 
-		while read LINE; do
-			let COUNT=$COUNT+1
-			CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
+		# Exclude OpenVPN N2N remote subnets from transparent proxy
+		while read OVPNREMOTESUBNET; do
+			CONN_TYPE=$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $5 }')
 			if [ "$CONN_TYPE" != "net" ]; then
 				continue
 			fi
-		iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
-		done < $FILE
+			iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN
+		done < /var/ipfire/ovpn/ovpnconfig
 
 		if [ "$RED_TYPE" == "STATIC" ]; then
 			iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
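Review bot: Field 13 of each config line is substituted unquoted into `iptables ... -d $(...)` in both loops, so an empty or malformed field (or a value containing whitespace) changes the argument list of the rule instead of being rejected. Reading it into a variable first, e.g. `REMOTE=$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $13 }')`, then `[ -n "$REMOTE" ] || continue` and passing `-d "$REMOTE"` (with `-i "$1"` quoted as well), keeps a bad entry from producing a broken or unintended NAT rule. The OpenVPN loop reuses the IPsec column numbers (`$5`, `$13`); the page does not show the layout of `/var/ipfire/ovpn/ovpnconfig`, so it is worth confirming that those columns hold the connection type and remote subnet there too. Both `done < file` redirects also assume the file exists, so a `[ -f ... ]` guard around each loop would avoid an error on systems where that VPN type was never configured. `transparent()` starts and ends outside this hunk.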