webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 03:33:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

proxy.cgi: Move ACL definitions up

Browse Source 
ACl definitions could not be used in some other directives
unless they are defined earlier.
This commit is contained in:
Michael Tremer
2014-08-28 17:01:44 +02:00
parent 94b3d7d2f2
commit 8fbcf730ae
1 changed files with 42 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
html/cgi-bin/proxy.cgi
View File

@@ -3221,6 +3221,48 @@ END
print FILE "\n"; print FILE "\n";
} }
open (PORTS,"$acl_ports_ssl");
my @ssl_ports = <PORTS>;
close PORTS;
if (@ssl_ports) {
foreach (@ssl_ports) {
print FILE "acl SSL_ports port $_";
}
}
open (PORTS,"$acl_ports_safe");
my @safe_ports = <PORTS>;
close PORTS;
if (@safe_ports) {
foreach (@safe_ports) {
print FILE "acl Safe_ports port $_";
}
}
print FILE <<END
acl IPFire_http port $http_port
acl IPFire_https port $https_port
acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
acl IPFire_networks src "$acl_src_subnets"
acl IPFire_servers dst "$acl_src_subnets"
acl IPFire_green_network src $green_cidr
acl IPFire_green_servers dst $green_cidr
END
;
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
print FILE <<END
acl CONNECT method CONNECT
END
;
if ($proxysettings{'CACHE_SIZE'} > 0) { if ($proxysettings{'CACHE_SIZE'} > 0) {
print FILE <<END print FILE <<END
maximum_object_size $proxysettings{'MAX_SIZE'} KB maximum_object_size $proxysettings{'MAX_SIZE'} KB
@@ -3502,48 +3544,6 @@ END
print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n"; print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
} }
open (PORTS,"$acl_ports_ssl");
my @ssl_ports = <PORTS>;
close PORTS;
if (@ssl_ports) {
foreach (@ssl_ports) {
print FILE "acl SSL_ports port $_";
}
}
open (PORTS,"$acl_ports_safe");
my @safe_ports = <PORTS>;
close PORTS;
if (@safe_ports) {
foreach (@safe_ports) {
print FILE "acl Safe_ports port $_";
}
}
print FILE <<END
acl IPFire_http port $http_port
acl IPFire_https port $https_port
acl IPFire_ips dst $netsettings{'GREEN_ADDRESS'}
acl IPFire_networks src "$acl_src_subnets"
acl IPFire_servers dst "$acl_src_subnets"
acl IPFire_green_network src $green_cidr
acl IPFire_green_servers dst $green_cidr
END
;
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_network src $blue_cidr\n"; }
if ($netsettings{'BLUE_DEV'}) { print FILE "acl IPFire_blue_servers dst $blue_cidr\n"; }
if (!-z $acl_src_banned_ip) { print FILE "acl IPFire_banned_ips src \"$acl_src_banned_ip\"\n"; }
if (!-z $acl_src_banned_mac) { print FILE "acl IPFire_banned_mac arp \"$acl_src_banned_mac\"\n"; }
if (!-z $acl_src_unrestricted_ip) { print FILE "acl IPFire_unrestricted_ips src \"$acl_src_unrestricted_ip\"\n"; }
if (!-z $acl_src_unrestricted_mac) { print FILE "acl IPFire_unrestricted_mac arp \"$acl_src_unrestricted_mac\"\n"; }
print FILE <<END
acl CONNECT method CONNECT
END
;
if ($proxysettings{'CLASSROOM_EXT'} eq 'on') { if ($proxysettings{'CLASSROOM_EXT'} eq 'on') {
print FILE <<END print FILE <<END