diff options
| author | jim-p <jimp@pfsense.org> | 2015-10-12 11:02:44 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-10-12 11:03:21 -0400 |
| commit | b7603875ac7121f963ec5a41c49de42ceb2e249f (patch) | |
| tree | b85a79f27894a892b9fe2b889982ca572f18ecf9 /config/ftpproxy/ftpproxy.inc | |
| parent | 962d6b0bbe07c96776950a24a06043cd295ce26c (diff) | |
| download | pfsense-packages-b7603875ac7121f963ec5a41c49de42ceb2e249f.tar.gz pfsense-packages-b7603875ac7121f963ec5a41c49de42ceb2e249f.tar.bz2 pfsense-packages-b7603875ac7121f963ec5a41c49de42ceb2e249f.zip | |
Add an option to the FTP proxy package to allow the firewall rule anchor to be placed before all other rules.
Diffstat (limited to 'config/ftpproxy/ftpproxy.inc')
| -rw-r--r-- | config/ftpproxy/ftpproxy.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc index 386a1d84..cc2aa27a 100644 --- a/config/ftpproxy/ftpproxy.inc +++ b/config/ftpproxy/ftpproxy.inc @@ -125,6 +125,11 @@ function ftpproxy_generate_rules($type) { global $config; $cf = $config['installedpackages']['ftpclientproxy']['config'][0]; $interface_list = explode(",", $cf['localints']); + if ($cf['earlyrule']) { + $ruletype = "pfearly"; + } else { + $ruletype = "filter"; + } /* Proxy is not enabled, therefore, no rules/anchors. */ if ($cf["proxy_enable"] != "on") { @@ -164,7 +169,7 @@ function ftpproxy_generate_rules($type) { $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n"; } break; - case "filter": + case $ruletype: $rules .= "anchor \"ftp-proxy/*\"\n"; // $rules = "pass out proto tcp from any to any port 21\n"; break; |