aboutsummaryrefslogtreecommitdiffstats
path: root/config/ftpproxy
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2015-10-12 13:10:25 -0300
committerRenato Botelho <renato@netgate.com>2015-10-12 13:10:25 -0300
commit01cbf628b0c380390ea05bd0b4aec62240160c1f (patch)
treebe7817999bd1674046c811d12103d94fb605fc45 /config/ftpproxy
parent962d6b0bbe07c96776950a24a06043cd295ce26c (diff)
parent8bf072f84eaf475ab344fb6b9264c6d02cec677f (diff)
downloadpfsense-packages-01cbf628b0c380390ea05bd0b4aec62240160c1f.tar.gz
pfsense-packages-01cbf628b0c380390ea05bd0b4aec62240160c1f.tar.bz2
pfsense-packages-01cbf628b0c380390ea05bd0b4aec62240160c1f.zip
Merge pull request #1095 from doktornotor/patch-1
Diffstat (limited to 'config/ftpproxy')
-rw-r--r--config/ftpproxy/ftpproxy.inc7
-rw-r--r--config/ftpproxy/ftpproxy.xml9
2 files changed, 14 insertions, 2 deletions
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
index 386a1d84..cc2aa27a 100644
--- a/config/ftpproxy/ftpproxy.inc
+++ b/config/ftpproxy/ftpproxy.inc
@@ -125,6 +125,11 @@ function ftpproxy_generate_rules($type) {
global $config;
$cf = $config['installedpackages']['ftpclientproxy']['config'][0];
$interface_list = explode(",", $cf['localints']);
+ if ($cf['earlyrule']) {
+ $ruletype = "pfearly";
+ } else {
+ $ruletype = "filter";
+ }
/* Proxy is not enabled, therefore, no rules/anchors. */
if ($cf["proxy_enable"] != "on") {
@@ -164,7 +169,7 @@ function ftpproxy_generate_rules($type) {
$rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
}
break;
- case "filter":
+ case $ruletype:
$rules .= "anchor \"ftp-proxy/*\"\n";
// $rules = "pass out proto tcp from any to any port 21\n";
break;
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
index 53740832..d45e4eb6 100644
--- a/config/ftpproxy/ftpproxy.xml
+++ b/config/ftpproxy/ftpproxy.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>FTP Client Proxy</name>
- <version>0.2.2</version>
+ <version>0.3</version>
<title>FTP Client Proxy</title>
<aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
<include_file>/usr/local/pkg/ftpproxy.inc</include_file>
@@ -87,6 +87,13 @@
<multiple/>
</field>
<field>
+ <fielddescr>Early Firewall Rule</fielddescr>
+ <fieldname>earlyrule</fieldname>
+ <description>Check this box to move the automatically added FTP rules higher in the ruleset to bypass explicit blocks. Helps allow passive FTP to arbitrary destinations, but FTP will always be allowed outbound when checked.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
<fielddescr>Anonymous Only</fielddescr>
<fieldname>anononly</fieldname>
<description>Only permit anonymous FTP connections using the &quot;ftp&quot; or &quot;anonymous&quot; users.</description>