From patchwork Thu Aug  5 13:28:30 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 4602
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GgTvy1R8vz3xGv
	for <patchwork@web04.haj.ipfire.org>; Thu,  5 Aug 2021 13:28:46 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4GgTvw5b5rz2M9;
	Thu,  5 Aug 2021 13:28:44 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GgTvw4bpMz2yRd;
	Thu,  5 Aug 2021 13:28:44 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GgTvt5p0Tz2xLV
 for <development@lists.ipfire.org>; Thu,  5 Aug 2021 13:28:42 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4GgTvt0Wtqzjv;
 Thu,  5 Aug 2021 13:28:42 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=a59kJnGoSpGoZPvMq+ZB4Jq8kzBpFVf5yB2k7VRykwk=;
 b=rT3wVQg8DrHF5IC8I2eygXi1v1EhxXBmrn8Y4cpd/khkoz6ktL4D6qN/B93M2IrXTkvr9N
 lfQr3tP/AVJgVHAQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=a59kJnGoSpGoZPvMq+ZB4Jq8kzBpFVf5yB2k7VRykwk=;
 b=a1F5udXQFusrIJzxPVI+NwMjScAqFNjgAM1MmoGVJgc+DYG7KN/gUzZxNMH76woqi0mp+t
 hNSwHYMgusbxsDkjVmRzsZIhfoTBqf76f4c2egMNsBPk6m0itLhO2NgirusswNh9zSOERF
 ofIWLuOwFe1lbv2jyFEdZ4VnICQFbYJuWDyloLHCEEnOY1rnDWB1IVkbf5CELec9r1nma4
 QvM2Y7Or5Fsl7j/1c5qsG3yV7ThKDkUwW702GZn9IHPNs4SE6g6VqMoTSnFqF4Fgtkb+nI
 YHmg7TYKxnY1l9VOn/GFBWnGdeKB1qFgbGQN9Ih0yfZLdQTnrLeSOmZVuxxD3w==
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/3] No longer disable proxy when GREEN isn't present
Date: Thu,  5 Aug 2021 13:28:30 +0000
Message-Id: <20210805132832.7645-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/cfgroot/header.pl | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 83ef01951..79accbe8a 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -181,13 +181,6 @@ sub genmenu {
         $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = 0;
         $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} = 0;
     }
-
-    # Disable proxy when no GREEN is available
-    if (!&green_used()) {
-        $menu->{'03.network'}{'subMenu'}->{'20.proxy'}{'enabled'} = 0;
-        $menu->{'03.network'}{'subMenu'}->{'21.urlfilter'}{'enabled'} = 0;
-        $menu->{'03.network'}{'subMenu'}->{'22.updxlrator'}{'enabled'} = 0;
-    }
   }
 }
 

From patchwork Thu Aug  5 13:28:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 4603
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GgTvz1dczz3xHZ
	for <patchwork@web04.haj.ipfire.org>; Thu,  5 Aug 2021 13:28:47 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4GgTvw6wm5z6Xf;
	Thu,  5 Aug 2021 13:28:44 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GgTvw5JMsz2yqc;
	Thu,  5 Aug 2021 13:28:44 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GgTvt6TDcz2xs0
 for <development@lists.ipfire.org>; Thu,  5 Aug 2021 13:28:42 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4GgTvt5JTlz2M9;
 Thu,  5 Aug 2021 13:28:42 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=h8LOqPH3NNutw5XgRuVgWxAvDqyg7yj8H91p8O/hnp8=;
 b=UV6JPne3KjL7dqzdePByNPy/R+OyUPsdnM9n4uBNIx1BMzfKND4A9i0flNk4ZJf8Dz6fW0
 fUs+zEUodcWEjaBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=h8LOqPH3NNutw5XgRuVgWxAvDqyg7yj8H91p8O/hnp8=;
 b=hV3QZ+5QvdbmCmsF/AHTTZnEmemKztR4KH9lrKgS7pGZ1E2QTDBjcdOd8oIq8nzsLj2+YC
 ZpwHNfzmPEEZjfOH+AslXX5nYmxwtkEQyJojd+dHvoJzFgwHJ/ZWEUz2xe8IvnzDa2PTM9
 ruy9xivZpc3AnK3r4uv6xBZL8kM8rPJHlgERttMzA6GzGqVq9eD0wmkpdmxKhnqDHb0EgX
 lB05iY3f2E/7582S2EIjc1U8rlUaLixn7kQ+qzz4YZcFsnniANM22vQswBqF16W2P6DKz/
 ti8X91amFndBIs6AKWd0JVRwnSeRHRoBdDZPfe0iCv3TkD4YfXxnLGP2Q6DybQ==
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/3] proxy.cgi: Support running proxy without GREEN
Date: Thu,  5 Aug 2021 13:28:31 +0000
Message-Id: <20210805132832.7645-2-michael.tremer@ipfire.org>
In-Reply-To: <20210805132832.7645-1-michael.tremer@ipfire.org>
References: <20210805132832.7645-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/proxy.cgi | 62 ++++++++++++++++++++++++++++--------------
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 1b949d5b6..b973a8ff7 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -166,7 +166,11 @@ my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 
-my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+my $green_cidr = "";
+if (&Header::green_used() && $netsettings{'GREEN_DEV'}) {
+	$green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
+}
+
 my $blue_cidr = "";
 if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
 	$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
@@ -1191,9 +1195,11 @@ END
 
 if (!$proxysettings{'SRC_SUBNETS'})
 {
-	print "$green_cidr\n";
-	if ($netsettings{'BLUE_DEV'})
-	{
+	if (&Header::green_used()) {
+		print "$green_cidr\n";
+	}
+
+	if (&Header::blue_used()) {
 		print "$blue_cidr\n";
 	}
 } else { print $proxysettings{'SRC_SUBNETS'}; }
@@ -1798,8 +1804,11 @@ print <<END
 END
 ;
 if (!$proxysettings{'IDENT_HOSTS'}) {
-	print "$green_cidr\n";
-	if ($netsettings{'BLUE_DEV'}) {
+	if (&Header::green_used()) {
+		print "$green_cidr\n";
+	}
+
+	if (&Header::blue_used()) {
 		print "$blue_cidr\n";
 	}
 } else {
@@ -2670,9 +2679,11 @@ sub write_acls
 	flock(FILE, 2);
 	if (!$proxysettings{'SRC_SUBNETS'})
 	{
-		print FILE "$green_cidr\n";
-		if ($netsettings{'BLUE_DEV'})
-		{
+		if (&Header::green_used()) {
+			print FILE "$green_cidr\n";
+		}
+
+		if (&Header::blue_used()) {
 			print FILE "$blue_cidr\n";
 		}
 	} else { print FILE $proxysettings{'SRC_SUBNETS'}; }
@@ -3068,11 +3079,15 @@ END
 		print FILE "include /etc/squid/squid.conf.pre.local\n\n";
 	}
 
-	print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
+	if (&Header::green_used()) {
+		print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}";
+	} else {
+		print FILE "http_port 0.0.0.0:$proxysettings{'PROXY_PORT'}";
+	}
 	if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 	print FILE "\n";
 
-	if ($proxysettings{'TRANSPARENT'} eq 'on') {
+	if (&Header::green_used() && $proxysettings{'TRANSPARENT'} eq 'on') {
 		print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept";
 		if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" }
 		print FILE "\n";
@@ -3156,17 +3171,20 @@ END
 		}
 	}
 
-	print FILE <<END
-
+	print FILE <<END;
+acl IPFire_ips dst 127.0.0.1
 acl IPFire_http  port $http_port
 acl IPFire_https port $https_port
-acl IPFire_ips              dst $netsettings{'GREEN_ADDRESS'}
 acl IPFire_networks         src "$acl_src_subnets"
 acl IPFire_servers          dst "$acl_src_subnets"
+END
+	if (&Header::green_used()) {
+		print FILE <<END;
+acl IPFire_ips              dst $netsettings{'GREEN_ADDRESS'}
 acl IPFire_green_network    src $green_cidr
 acl IPFire_green_servers    dst $green_cidr
 END
-	;
+	}
 	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network     src $blue_cidr\n"; }
 	if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers     dst $blue_cidr\n"; }
 	if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips       src \"$acl_src_banned_ip\"\n"; }
@@ -3585,9 +3603,11 @@ if ($delaypools) {
 
 	if ($netsettings{'BLUE_DEV'})
 	{
-		print FILE "delay_access 1 allow IPFire_green_network";
-		if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
-		print FILE "\n";
+		if (&Header::green_used()) {
+			print FILE "delay_access 1 allow IPFire_green_network";
+			if (!-z $acl_dst_throttle) { print FILE " for_throttled_urls"; }
+			print FILE "\n";
+		}
 		print FILE "delay_access 1 deny  all\n";
 	} else {
 		print FILE "delay_access 1 allow all";
@@ -3611,7 +3631,7 @@ if ($delaypools) {
 	print FILE "\n";
 }
 
-if ($proxysettings{'NO_PROXY_LOCAL'} eq 'on')
+if (&Header::green_used() && $proxysettings{'NO_PROXY_LOCAL'} eq 'on')
 {
 	print FILE "#Prevent internal proxy access to Green except IPFire itself\n";
 	print FILE "http_access deny IPFire_green_servers !IPFire_ips !IPFire_green_network\n\n";
@@ -4004,7 +4024,9 @@ sub writecachemgr
 {
 	open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
 	flock(FILE, 2);
-	print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+	if (&Header::green_used()) {
+		print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+	}
 	print FILE "localhost";
 	close(FILE);
   return;

From patchwork Thu Aug  5 13:28:32 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 4604
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GgTw02RGhz3xGv
	for <patchwork@web04.haj.ipfire.org>; Thu,  5 Aug 2021 13:28:48 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4GgTvx1GHfz6Zb;
	Thu,  5 Aug 2021 13:28:45 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GgTvw5yG4z2xs0;
	Thu,  5 Aug 2021 13:28:44 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GgTvv05nRz2xLV
 for <development@lists.ipfire.org>; Thu,  5 Aug 2021 13:28:43 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4GgTvt68TGz36m;
 Thu,  5 Aug 2021 13:28:42 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=hmT+8LjysVwLgYO7HZqFwHWChj8WZi3g0uzVo/9kXME=;
 b=z82RCmTjZyP0eG63DKicGqMZ0n93yd9sci0M3YdAL078Rsml3fKxg7cPSgVag2H8lG1Kf/
 k1TCza3W/Z3m7CAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1628170122;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=hmT+8LjysVwLgYO7HZqFwHWChj8WZi3g0uzVo/9kXME=;
 b=d7ZaD7YSM0zTKcPsvG0E1JddvkjDXVKqVLhK0TLzIMA/VZiv/VsOASFJryY/8ttbHz+119
 R8rs3WIHMImYvvOzs80sNphvdKdOynT9V0JLxhF37mrhTAK+Og+tlizUqFTVtj0PQbS2c8
 6x5O2BBVKNxDsDNijBKEoqGco94rbdo7AputN6ejbasgwBS6x/JCg8YT12dTxo3wYOq9ZT
 iue2xSubDePOl6BzAg+AUVQwcQDpoAiZk//ygjQ6moHUrqXnLu9qovJfXSOQDH816/UcoP
 IZ8vq15gqf6brXoNcmH5NxFWOLKg0MDXBoZqn3291taqwlHVVzOicAlB/auNYQ==
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 3/3] proxy.cgi: Use sane check for subnet
Date: Thu,  5 Aug 2021 13:28:32 +0000
Message-Id: <20210805132832.7645-3-michael.tremer@ipfire.org>
In-Reply-To: <20210805132832.7645-1-michael.tremer@ipfire.org>
References: <20210805132832.7645-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/proxy.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index b973a8ff7..966593e4d 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2483,7 +2483,7 @@ sub check_acls
 		s/^\s+//g; s/\s+$//g;
 		if ($_)
 		{
-			unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+			unless (&Network::check_subnet($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'} . ": $_"; }
 			$proxysettings{'SRC_SUBNETS'} .= $_."\n";
 		}
 	}