From mboxrd@z Thu Jan 1 00:00:00 1970
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH] Squid: Exclude remote OpenVPN-N2N subnet from transparent proxy
Date: Mon, 18 Jun 2018 20:32:07 +0200
Message-ID: <1529346727-14526-1-git-send-email-erik.kapfer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7818492622844256106=="
List-Id:

--===============7818492622844256106==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Patch is from bug #11614 With the please to deliver it for further review to the dev mailinglist.

Signed-off-by: Erik Kapfer
---
 src/initscripts/system/squid | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
index 7255c0a..267a416 100644
--- a/src/initscripts/system/squid
+++ b/src/initscripts/system/squid
@@ -37,6 +37,17 @@ transparent() {
 iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print =
$13 }'` --dport 80 -j RETURN
 done < $FILE
=20
+ FILE=3D/var/ipfire/ovpn/ovpnconfig
+
+ while read LINE; do
+ let COUNT=3D$COUNT+1
+ CONN_TYPE=3D`echo "$LINE" | awk -F, '{ print $5 }'`
+ if [ "$CONN_TYPE" !=3D "net" ]; then
+ continue
+ fi
+ iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print =
$13 }'` --dport 80 -j RETURN
+ done < $FILE
+
 if [ "$RED_TYPE" =3D=3D "STATIC" ]; then
 iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --d=
port 80 -j RETURN
 fi
--=20
2.7.4

--===============7818492622844256106==--
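Review bot: The added loop hands field 13 of every `net` entry to `iptables -d` through an unquoted command substitution with no check on the value, so an empty field makes `--dport` the argument of `-d` and the rule fails. Each of these RETURN rules exempts a destination from the transparent proxy, so an unexpected value in ovpnconfig would silently widen that exemption. Read the field once and reject empty values before use: `REMOTE_NET=$(echo "$LINE" | awk -F, '{ print $13 }')`, `[ -n "$REMOTE_NET" ] || continue`, then `-d "$REMOTE_NET"`. The loop also redirects from `$FILE` without a `[ -r "$FILE" ]` guard, which presumably prints a redirection error on systems where /var/ipfire/ovpn/ovpnconfig does not exist. `COUNT` is incremented but never read inside the hunk; transparent() starts and ends outside it, so confirm the counter is used there or drop the `let` line.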