proxyi / acl, fix v6 addresses, add missing interface networks for v6, make comments a bit more verbose. for https://github.com/opnsense/core/issues/1919

2026-03-18 10:35:27 +00:00 · 2017-11-11 10:40:12 +01:00 · 2017-11-11 10:40:12 +01:00 · 20cf2eb64d
commit 20cf2eb64d
parent 97be1979a7
1 changed files with 7 additions and 4 deletions
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@ -118,13 +118,16 @@ ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-tra
 {%      for interface in OPNsense.proxy.forward.interfaces.split(",") %}
 {%          for intf_key,intf_item in interfaces.iteritems() %}
 {%              if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-acl localnet src {{ helpers.getIPNetwork(intf_item.ipaddr+'/'+intf_item.subnet)[0].format() }}/{{intf_item.subnet}} # Possible internal network
+acl localnet src {{ helpers.getIPNetwork(intf_item.ipaddr+'/'+intf_item.subnet)[0].format() }}/{{intf_item.subnet}} # Possible internal network (interfaces v4)
 {%              endif %}
+{%              if intf_key == interface and intf_item.ipaddrv6 and intf_item.ipaddrv6.find(':') > -1 %}
+acl localnet src {{helpers.getIPNetwork(intf_item.ipaddrv6+'/'+intf_item.subnetv6)[0].format()}}/{{intf_item.subnetv6}} # Possible internal network (interfaces v6)
+{%		endif %}
 {%          endfor %}
-{%          if helpers.exists('virtualip') %}
-{%              for intf_key,intf_item in virtualip.iteritems() %}
+{%          if helpers.exists('virtualip.vip') %}
+{%              for intf_item in helpers.toList('virtualip.vip') %}
 {%                  if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
+acl localnet src {{intf_item.subnet}}/{{intf_item.subnet_bits}} # Possible internal network (aliases)
 {%                  endif %}
 {%              endfor %}
 {%          endif %}