Squid: Exclude remote OpenVPN-N2N subnet from transparent proxy
Commit Message
Patch is from bug #11614
With the plea to deliver it for further review to the dev mailing list.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
src/initscripts/system/squid | 11 +++++++++++
1 file changed, 11 insertions(+)
Comments
Hi,
I think we have to rework that code a little. It is hard to understand.
On Mon, 2018-06-18 at 20:32 +0200, Erik Kapfer wrote:
> Patch is from bug #11614
> With the plea to deliver it for further review to the dev mailing list.
>
> Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
> ---
> src/initscripts/system/squid | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
> index 7255c0a..267a416 100644
> --- a/src/initscripts/system/squid
> +++ b/src/initscripts/system/squid
> @@ -37,6 +37,17 @@ transparent() {
> iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk
> -F, '{ print $13 }'` --dport 80 -j RETURN
> done < $FILE
>
> + FILE=/var/ipfire/ovpn/ovpnconfig
Not sure why this is variable since it is only used once.
> +
> + while read LINE; do
> + let COUNT=$COUNT+1
COUNT is never initialized and never used either.
> + CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
> + if [ "$CONN_TYPE" != "net" ]; then
> + continue
> + fi
The following iptables line is missing a tab.
> + iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk
> -F, '{ print $13 }'` --dport 80 -j RETURN
It is not clear what the command should be like.
I think it is best to use while read ...; do ... done to walk through the file
line by line and put the values into a variable with a good name. That will
avoid confusion later.
> + done < $FILE
> +
> if [ "$RED_TYPE" == "STATIC" ]; then
> iptables -t nat -A SQUID -i $1 -p tcp -d
> $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
> fi
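Review bot: the subnet taken from field 13 of the ovpnconfig line is passed to `-d` without any check that it is non-empty, so a `net` line with a blank thirteenth field turns the command into `iptables -t nat -A SQUID -i $1 -p tcp -d --dport 80 -j RETURN`, which iptables rejects, and a value containing whitespace would be word-split into extra arguments because the backtick substitution is unquoted. Suggest capturing the field into a named variable and skipping the line when it is empty, e.g. `REMOTE_SUBNET=$(echo "$LINE" | awk -F, '{ print $13 }')`, then `[ -n "$REMOTE_SUBNET" ] || continue`, and passing `-d "$REMOTE_SUBNET"` to iptables.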
Erik, would you please rework this patch?
Best,
-Michael
@@ -37,6 +37,17 @@ transparent() {
iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
done < $FILE
+ FILE=/var/ipfire/ovpn/ovpnconfig
+
+ while read LINE; do
+ let COUNT=$COUNT+1
+ CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
+ if [ "$CONN_TYPE" != "net" ]; then
+ continue
+ fi
+ iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
+ done < $FILE
+
if [ "$RED_TYPE" == "STATIC" ]; then
iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
fi
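Review bot: `while read LINE; do ... done < $FILE` reads without `-r` and with the default IFS, so backslashes in a line are interpreted and surrounding whitespace is stripped, `$FILE` and `$1` are expanded unquoted, and every line spawns an `echo | awk` pipeline twice (once for field 5, once for field 13). Suggest letting awk do the filtering and field selection in a single pass, `awk -F, '$5 == "net" { print $13 }' /var/ipfire/ovpn/ovpnconfig | while read -r REMOTE_SUBNET; do ... done`, quoting `"$1"` in the iptables call, and dropping the `let COUNT=$COUNT+1` line since nothing reads `COUNT`.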