2 # Enable or disable the iptables rule
# Load this module's library, then the firewall module's library so that its
# functions can be called through the firewall:: namespace further down.
# NOTE(review): the leading numbers are the original file's line numbers and
# they skip values, so this listing omits lines (closing braces, some
# branches). No form parsing and no access-control check are visible before
# %in is used and firewall rules are changed - confirm both exist in the
# omitted lines or in squid-lib.pl.
4 require './squid-lib.pl';
5 &foreign_require("firewall", "firewall-lib.pl");
# Port that the redirect rule will forward to (used as 'to-ports' below).
7 $port = &get_squid_port();
# Presumably sets the message prefix for any later &error() call.
8 &error_setup($text{'iptables_err'});
# Validate the form fields for the selected mode: 1 matches on a source
# network, 2 on an incoming interface (see how the rule is built below).
12 if ($in{'enabled'} == 1) {
# Accept either a value to_ipaddress() returns true for, or address/prefix
# where the address passes check_ipaddress() and the prefix is 1..32;
# anything else ends the request with the 'iptables_enet' error.
# NOTE(review): '$' also matches before a trailing newline, so a value such
# as "a.b.c.d/24\n" passes the pattern and is later stored as the rule's
# 's' argument. Anchoring with \A ... \z would reject it.
13 &to_ipaddress($in{'net'}) ||
14 ($in{'net'} =~ /^([0-9\.]+)\/(\d+)$/ &&
15 &check_ipaddress($1) && $2 > 0 && $2 <= 32) ||
16 &error($text{'iptables_enet'});
18 elsif ($in{'enabled'} == 2) {
# The interface comes from the selector, or from the free-text field when
# 'other' was chosen.
19 $iface = $in{'iface'} eq 'other' ? $in{'iface_other'} : $in{'iface'};
# NOTE(review): this only requires a run of non-whitespace characters and,
# because of '$', still admits a trailing newline. The value is written into
# the firewall rule as its 'i' argument, so restricting it to the characters
# valid in an interface name (and anchoring with \A ... \z) is the safer check.
20 $iface =~ /^\S+$/ || &error($text{'iptables_eiface'});
# Load the saved iptables tables and keep the one named 'nat'.
24 @tables = &firewall::get_iptables_save();
# NOTE(review): $nat stays undef if no table is named 'nat'; the code below
# dereferences it without a check - confirm the firewall library always
# returns a nat table.
25 ($nat) = grep { $_->{'name'} eq 'nat'} @tables;
# When the form names an existing rule, fetch it by position in the nat
# table's rule list.
26 if ($in{'rule'} ne "") {
# NOTE(review): the index is taken from the request as-is. It is not checked
# to be a non-negative integer inside the list, nor that the rule it selects
# is the redirect rule this script manages; the same index is later passed to
# splice(). Verifying the selected rule (chain, REDIRECT target, to-ports)
# before changing or deleting it would keep a stale or wrong index from
# touching an unrelated NAT rule.
27 ($rule) = $nat->{'rules'}->[$in{'rule'}];
# Reconcile the nat table with the requested state: create the redirect
# rule, update the existing one, or remove it.
30 if ($in{'enabled'} && !$rule) {
# New PREROUTING rule with a REDIRECT target: destination port 80 is sent to
# the Squid port, matched on the interface when one was given, otherwise on
# the source network.
# NOTE(review): original lines 34-35 are not shown in this listing, so other
# match arguments of the rule may be missing from this view.
32 $rule = { 'chain' => 'PREROUTING',
33 'j' => [ '', 'REDIRECT' ],
36 'dport' => [ '', 80 ],
37 'to-ports' => [ '', $port ],
38 ( $iface ? ( 'i' => [ '', $iface ] )
39 : ( 's' => [ '', $in{'net'} ] ) ),
40 'cmt' => 'Forward HTTP connections to Squid proxy' };
# Appended after every existing nat rule; an earlier PREROUTING rule that
# matches the same traffic would take effect first.
41 push(@{$nat->{'rules'}}, $rule);
44 elsif ($in{'enabled'} && $rule) {
# NOTE(review): the lines around the next two assignments are omitted here;
# presumably they sit in separate branches (interface match vs. source match)
# and clear the other argument - confirm against the full file.
48 $rule->{'i'} = [ '', $iface ];
52 $rule->{'s'} = [ '', $in{'net'} ];
56 elsif (!$in{'enabled'} && $rule) {
# Remove one rule at the position supplied by the form. Nothing visible here
# confirms that this position still holds the redirect rule.
58 splice(@{$nat->{'rules'}}, $in{'rule'}, 1);
66 # Add appropriate httpd_accel directives
# squid.conf is locked for the duration of the directive changes.
# NOTE(review): $conf and $squid_version are not assigned in the visible
# lines; presumably they come from squid-lib.pl or an omitted line. The
# condition under which this whole section runs is also not visible.
67 &lock_file($config{'squid_conf'});
68 if ($squid_version < 2.6) {
# Older Squid: set the accelerator port to 80 and the host to 'virtual'.
70 &save_directive($conf, "httpd_accel_port",
71 [ { 'name' => 'httpd_accel_port',
72 'values' => [ 80 ] } ]);
73 &save_directive($conf, "httpd_accel_host",
74 [ { 'name' => 'httpd_accel_host',
75 'values' => [ 'virtual' ] } ]);
78 # In Squid 2.6+, acceleration is a port option
79 @ports = &find_config("http_port", $conf);
80 foreach my $p (@ports) {
# Count occurrences of the "transparent" option on this http_port line.
82 foreach $v (@{$p->{'values'}}) {
83 $trans++ if ($v eq "transparent");
# NOTE(review): the guard around this push is omitted from the listing;
# presumably the option is added only when $trans is zero - confirm. Where
# $trans is reset between http_port lines is not visible either.
86 push(@{$p->{'values'}}, "transparent");
# Write all http_port directives back, including any modified above.
89 &save_directive($conf, "http_port", \@ports);
92 &unlock_file($config{'squid_conf'});
# Activate the changes only when $apply is set and the form asked for it.
# NOTE(review): $apply is not assigned in the visible lines - confirm where
# it is set.
95 if ($apply && $in{'apply'}) {
96 # Save and apply firewall
# The nat table is written while the iptables save file is locked; the lock
# is released before the rules are activated.
97 &lock_file($firewall::iptables_save_file);
98 &firewall::save_table($nat);
99 &unlock_file($firewall::iptables_save_file);
# NOTE(review): if activation fails, &error() presumably ends the request
# here. By then the save file (and squid.conf above) have already been
# rewritten and the webmin_log() call below is never reached, so a change
# that was written to disk leaves no action-log entry. Logging before
# reporting the failure would keep the audit trail complete.
100 $err = &firewall::apply_configuration();
101 &error(&text('iptables_eapply', $err)) if ($err);
# Unqualified call, so this is the Squid module's own apply_configuration()
# rather than the firewall one. Whether it sits inside the 'if' above cannot
# be told from this listing.
104 $err = &apply_configuration();
105 &error(&text('iptables_eapply2', $err)) if ($err);
# Record the action, with $apply as its detail, in the Webmin action log.
107 &webmin_log("iptables", $apply);