Fix for bug #11614 Some cosmetics has also been done in the IPSec subnet exclusion section.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org --- src/initscripts/system/squid | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid index 7255c0a..9c11255 100644 --- a/src/initscripts/system/squid +++ b/src/initscripts/system/squid @@ -25,17 +25,23 @@ transparent() { exit 1 fi
- COUNT=1 - FILE=/var/ipfire/vpn/config + # Exclude IPSec N2N remote subnets from transparent proxy + while read IPSECREMOTESUBNET; do + CONN_TYPE=$(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $5 }') + if [ "$CONN_TYPE" != "net" ]; then + continue + fi + iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$IPSECREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN + done < /var/ipfire/vpn/config
- while read LINE; do - let COUNT=$COUNT+1 - CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'` + # Exclude OpenVPN N2N remote subnets from transparent proxy + while read OVPNREMOTESUBNET; do + CONN_TYPE=$(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $5 }') if [ "$CONN_TYPE" != "net" ]; then continue fi - iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN - done < $FILE + iptables -t nat -A SQUID -i $1 -p tcp -d $(echo "$OVPNREMOTESUBNET" | awk -F, '{ print $13 }') --dport 80 -j RETURN + done < /var/ipfire/ovpn/ovpnconfig
if [ "$RED_TYPE" == "STATIC" ]; then iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN