squid: Exclude OpenVPN remote subnets from transparent proxy
Commit Message
Fix for bug #11614
Some cosmetic changes have also been made in the IPSec subnet exclusion section.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
src/initscripts/system/squid | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
@@ -25,17 +25,23 @@ transparent() {
exit 1
fi
- COUNT=1
- FILE=/var/ipfire/vpn/config
+ # Exclude IPSec N2N remote subnets from transparent proxy
+ while read IPSECREMOTESUBNET; do
+ CONN_TYPE=$(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $5 }')
+ if [ "$CONN_TYPE" != "net" ]; then
+ continue
+ fi
+ iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN
+ done < /var/ipfire/vpn/config
- while read LINE; do
- let COUNT=$COUNT+1
- CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
+ # Exclude OpenVPN N2N remote subnets from transparent proxy
+ while read OVPNREMOTESUBNET; do
+ CONN_TYPE=$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $5 }')
if [ "$CONN_TYPE" != "net" ]; then
continue
fi
- iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
- done < $FILE
+ iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN
+ done < /var/ipfire/ovpn/ovpnconfig
if [ "$RED_TYPE" == "STATIC" ]; then
iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
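Review bot: In both new loops the destination given to `iptables -d` is the raw, unquoted output of `awk -F, '{ print $13 }'`, so an entry whose 13th field is empty or malformed will most likely make the iptables call fail, and that subnet is then not excluded from the proxy. I would read the field once and guard it: `REMOTE_NET=$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $13 }')`, then `[ -n "$REMOTE_NET" ] || continue`, then `iptables -t nat -A SQUID -i "$1" -p tcp -d "$REMOTE_NET" --dport 80 -j RETURN`. The hunk does not show the layout of /var/ipfire/ovpn/ovpnconfig, so please confirm that fields 5 and 13 hold the connection type and remote subnet there as they do in the IPsec file. Please also confirm that a missing ovpnconfig on systems without OpenVPN does not break `transparent()`, whose body starts and ends outside the hunk. Using `while IFS= read -r ...` would additionally keep backslashes and leading whitespace in each config line intact.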