Fix for bug #11614 Set other variable names for better understanding. Set another variable for the remote subnet lookup to make the iptables command easier to understand. Deleted the COUNTER lines since they are never used. Deleted the variable for the VPN configuration file since each file is used only once. All changes have also been applied to the IPSec section.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org
---
src/initscripts/system/squid | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid
index 7255c0a..81a132b 100644
--- a/src/initscripts/system/squid
+++ b/src/initscripts/system/squid
@@ -25,17 +25,25 @@ transparent() {
 exit 1
 fi
- COUNT=1
- FILE=/var/ipfire/vpn/config
+ # Exclude IPSec N2N remote subnets from transparent proxy
+ while read IPSECREMOTENET; do
+ CONN_TYPE=$(echo "$IPSECREMOTENET" | awk -F, '{ print $5 }')
+ IPSEC_REMOTE_SUBNET=$(echo "$IPSECREMOTENET" | awk -F, '{ print $13 }')
+ if [ "$CONN_TYPE" != "net" ]; then
+ continue
+ fi
+ iptables -t nat -A SQUID -i $1 -p tcp -d ${IPSEC_REMOTE_SUBNET} --dport 80 -j RETURN
+ done < /var/ipfire/vpn/config
- while read LINE; do
- let COUNT=$COUNT+1
- CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
+ # Exclude OpenVPN N2N remote subnets from transparent proxy
+ while read OVPNREMOTENET; do
+ CONN_TYPE=$(echo "$OVPNREMOTENET" | awk -F, '{ print $5 }')
+ OVPN_REMOTE_SUBNET=$(echo "$OVPNREMOTENET" | awk -F, '{ print $13 }')
 if [ "$CONN_TYPE" != "net" ]; then
 continue
 fi
- iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
- done < $FILE
+ iptables -t nat -A SQUID -i $1 -p tcp -d ${OVPN_REMOTE_SUBNET} --dport 80 -j RETURN
+ done < /var/ipfire/ovpn/ovpnconfig
 if [ "$RED_TYPE" == "STATIC" ]; then
 iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
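Review bot: Both new loops pass `$1` and the field-13 value to `iptables` unquoted and never check that the subnet is non-empty, so text from the VPN config files is word-split straight into the argument list of a command that presumably runs as root. For a `net` record with an empty field 13, `-d` would swallow `--dport` as its address, the call would fail, and the RETURN exclusion for that tunnel would silently be missing. I would skip such records with `[ -n "${IPSEC_REMOTE_SUBNET}" ] || continue` and quote the arguments as `-i "$1" -p tcp -d "${IPSEC_REMOTE_SUBNET}"`, with the same change for `OVPN_REMOTE_SUBNET` in the OpenVPN loop. The loops should also read with `while IFS= read -r IPSECREMOTENET; do` so backslashes and surrounding whitespace in a record are not altered before `awk` splits it. `transparent()` starts and ends outside this hunk, so whether `$1` is validated earlier is not visible here.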