www/squid: remove allowed default IPv6 networks

www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf

@@ -222,15 +222,18 @@ http_access allow local_auth
 
 #
 # ACL - localnet - default these include ranges from selected interfaces (Allow local subnets)
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
+{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') and OPNsense.proxy.forward.addACLforInterfaceSubnets == '1'
+      and helpers.exists('OPNsense.proxy.forward.interfaces') and OPNsense.proxy.forward.interfaces != '' %}
+{%   if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
+{%     if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
 adaptation_access response_mod allow localnet
-{%   endif %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
+{%     endif %}
+{%     if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
 adaptation_access request_mod allow localnet
+{%     endif %}
 {%   endif %}
-{% endif %}
 http_access allow localnet
+{% endif %}
 
 # ACL - localhost
 {% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}

www/squid/src/opnsense/service/templates/OPNsense/Proxy/squid.conf

@@ -144,9 +144,6 @@ acl localnet src {{intf_item.subnet}}/{{intf_item.subnet_bits}} # Possible inter
 {%      endif %}
 {%  endif %}
 {% endif %}
-# Default allow for local-link and private networks
-acl localnet src fc00::/7       # RFC 4193 local private network range
-acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 
 # ACL - Allow localhost for PURGE cache if enabled
 {% if helpers.exists('OPNsense.proxy.general.cache.local') and OPNsense.proxy.general.cache.local.enabled == '1' %}