From mboxrd@z Thu Jan 1 00:00:00 1970 From: Erik Kapfer To: development@lists.ipfire.org Subject: [PATCH] squid: Exclude OpenVPN remote subnets from transparent proxy Date: Tue, 19 Jun 2018 15:53:05 +0200 Message-ID: <1529416385-19921-1-git-send-email-erik.kapfer@ipfire.org> In-Reply-To: <1529346727-14526-1-git-send-email-erik.kapfer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3482034517962706847==" List-Id: --===============3482034517962706847== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Fix for bug #11614 Some cosmetics has also been done in the IPSec subnet exclusion section. Signed-off-by: Erik Kapfer
---
src/initscripts/system/squid | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
index 7255c0a..9c11255 100644
--- a/src/initscripts/system/squid
+++ b/src/initscripts/system/squid
@@ -25,17 +25,23 @@ transparent() {
 exit 1
 fi
=20
- COUNT=3D1
- FILE=3D/var/ipfire/vpn/config
+ # Exclude IPSec N2N remote subnets from transparent proxy
+ while read IPSECREMOTESUBNET; do
+ CONN_TYPE=3D$(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $5 }')
+ if [ "$CONN_TYPE" !=3D "net" ]; then
+ continue
+ fi
+ iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$IPSECREMOTESUBNET" | aw= k -F, '{ print $13 }') --dport 80 -j RETURN
+ done < /var/ipfire/vpn/config
=20
- while read LINE; do
- let COUNT=3D$COUNT+1
- CONN_TYPE=3D`echo "$LINE" | awk -F, '{ print $5 }'`
+ # Exclude OpenVPN N2N remote subnets from transparent proxy
+ while read OVPNREMOTESUBNET; do
+ CONN_TYPE=3D$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $5 }')
 if [ "$CONN_TYPE" !=3D "net" ]; then
 continue
 fi
- iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print = $13 }'` --dport 80 -j RETURN
- done < $FILE
+ iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$OVPNREMOTESUBNET" | awk= -F, '{ print $13 }') --dport 80 -j RETURN
+ done < /var/ipfire/ovpn/ovpnconfig
=20
 if [ "$RED_TYPE" =3D=3D "STATIC" ]; then
 iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --d= port 80 -j RETURN
--=20
2.7.4
--===============3482034517962706847==--
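Review bot: Both new loops hand whatever awk prints for field 13 straight to `iptables -d` with no check that it is non-empty, so a net-to-net entry whose subnet column is empty or malformed makes the iptables call fail, and because the exit status is ignored that remote subnet stays silently redirected into the proxy — the very condition bug #11614 is about. The loops also use a bare `read` (no `-r`, no `IFS=`) and leave `$1` and the command substitutions unquoted, and `/var/ipfire/ovpn/ovpnconfig` is opened unconditionally, so on a system that has never configured OpenVPN the redirection presumably fails with a message on stderr (confirm whether that file is guaranteed to exist). Since the IPSec and OpenVPN loops are identical apart from the file path and the variable name, I would fold them into one helper that validates the field and reports an iptables failure, called as `exclude_n2n_subnets "$1" /var/ipfire/vpn/config` and `exclude_n2n_subnets "$1" /var/ipfire/ovpn/ovpnconfig`. I cannot confirm from here that column 13 of ovpnconfig is the remote subnet, nor whether the file carries an enabled/disabled column that should also be honoured, so the loop deserves a comment stating the column layout it relies on. `transparent()` begins at the hunk header and continues past the end of the hunk.
```shell
# Add a RETURN rule for every net-to-net entry of the CSV file $2 on
# interface $1 so traffic to that remote subnet bypasses the proxy.
# Column layout assumed: $5 = connection type, $13 = remote subnet.
exclude_n2n_subnets() {
	local iface="$1" file="$2" line conn_type subnet
	[ -r "$file" ] || return 0
	while IFS= read -r line; do
		conn_type=$(echo "$line" | awk -F, '{ print $5 }')
		subnet=$(echo "$line" | awk -F, '{ print $13 }')
		[ "$conn_type" = "net" ] && [ -n "$subnet" ] || continue
		iptables -t nat -A SQUID -i "$iface" -p tcp -d "$subnet" --dport 80 -j RETURN \
			|| echo "squid: could not exclude ${subnet} from the transparent proxy" >&2
	done < "$file"
}

# … unchanged: start of transparent() up to the closing "fi" …
	exclude_n2n_subnets "$1" /var/ipfire/vpn/config
	exclude_n2n_subnets "$1" /var/ipfire/ovpn/ovpnconfig
# … unchanged: RED_TYPE handling …
```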