author | jim-p <jimp@pfsense.org> | 2015-03-09 12:59:34 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-03-09 12:59:34 -0400 |
commit | bc0029b7199a8df0cfa4cbd0c327f91611b06be2 (patch) | |
tree | 685fc3f6831549f5259c3cb313356d77ed5144f7 /config | |
parent | 7f128e8c29466441667d43d16dea7c6992f3fe78 (diff) | |
Add source and destination bypass fields for FTP proxy
Diffstat (limited to 'config')
-rw-r--r-- | config/ftpproxy/ftpproxy.inc | 16 | ||||
-rw-r--r-- | config/ftpproxy/ftpproxy.xml | 20 |
2 files changed, 32 insertions, 4 deletions
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
index 84a6e7cd..7fc54775 100644
--- a/config/ftpproxy/ftpproxy.inc
+++ b/config/ftpproxy/ftpproxy.inc
@@ -75,6 +75,12 @@ function validate_form_ftpproxy($post, &$input_errors) {
 if (!empty($post["idletimeout"]) && (is_numeric($post["idletimeout"]) || ($post["idletimeout"] <= 0) || ($post["idletimeout"] > 86400))) {
 $input_errors[] = 'You must specify a valid number in the \'Idle Timeout\' field (Between 1 and 86400)';
 }
+ if (!empty($post["bypasssrc"]) && !(is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddr($post["bypasssrc"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Source';
+ }
+ if (!empty($post["bypassdst"]) && !(is_alias($post["bypassdst"]) || is_subnetv4($post["bypassdst"]) || is_ipaddr($post["bypassdst"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Destination';
+ }
 }
 function ftpproxy_get_port() {
@@ -117,6 +123,16 @@ function ftpproxy_generate_rules($type) {
 if (empty($interface)) {
 continue;
 }
+ if (is_subnetv4($cf["bypasssrc"]) || is_ipaddr($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from {$cf['bypasssrc']} to any port 21\n";
+ } elseif (is_alias($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from \${$cf['bypasssrc']} to any port 21\n";
+ }
+ if (is_subnetv4($cf["bypassdst"]) || is_ipaddr($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to {$cf['bypassdst']} port 21\n";
+ } elseif (is_alias($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to \${$cf['bypassdst']} port 21\n";
+ }
 $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
 }
 break;
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
index cb5c6f51..5bd123dc 100644
--- a/config/ftpproxy/ftpproxy.xml
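Review bot: `is_ipaddr()` in the two added checks is not limited to IPv4 (as far as I know, pfSense's util.inc version also accepts IPv6 addresses), while every rule the second hunk builds from these fields is `inet`, so an IPv6 value would pass validation and yield a rule that pf is likely to reject when the ruleset is loaded. Use `is_ipaddrv4($post["bypasssrc"])` and `is_ipaddrv4($post["bypassdst"])` here, and make the matching change to the `is_subnetv4(...) || is_ipaddr(...)` tests in ftpproxy_generate_rules. `is_alias()` presumably does not distinguish a host or network alias from a port alias, so the alias type may need checking before the name is used in an address position. The error messages say "IP address or alias" although a subnet is accepted too. validate_form_ftpproxy begins above this hunk.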
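Review bot: The added `no rdr` lines only work because they are appended before the catch-all `rdr pass` line, and nothing in the hunk records that dependency; pf applies translation rules first-match, so a later reorder would silently disable the bypass. Add a comment above the first added `if`, for example `// "no rdr" bypass rules must precede the catch-all rdr below: pf translation rules are first-match.` The same comment could note that bypassed connections no longer get the implicit pass of `rdr pass` and therefore depend on the ordinary filter rules allowing FTP. The enclosing loop and ftpproxy_generate_rules start and end outside the hunk.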
+++ b/config/ftpproxy/ftpproxy.xml
@@ -1,6 +1,6 @@
 <packagegui>
 <name>FTP Client Proxy</name>
- <version>0.1</version>
+ <version>0.2</version>
 <title>FTP Client Proxy</title>
 <aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
 <include_file>/usr/local/pkg/ftpproxy.inc</include_file>
@@ -52,13 +52,25 @@
 <field>
 <fielddescr>Source Address</fielddescr>
 <fieldname>sourceaddr</fieldname>
- <description>Enter a VIP to be the source of outgoing control traffic.</description>
+ <description>Enter a VIP to be the source of outgoing control traffic. Leave blank to use the default WAN IP address.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Source</fielddescr>
+ <fieldname>bypasssrc</fieldname>
+ <description>Enter an IP address or alias for source client host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Destination</fielddescr>
+ <fieldname>bypassdst</fieldname>
+ <description>Enter an IP address or alias for destination server host(s) which should bypass the proxy.</description>
 <type>input</type>
 </field>
 <field>
 <fielddescr>Bind Port (Default: 8021)</fielddescr>
 <fieldname>bindport</fieldname>
- <description>Port where the proxy will listen for redirected connections.</description>
+ <description>Port where the proxy will listen for redirected connections. Do not set this to 21.</description>
 <type>input</type>
 </field>
 <field>
@@ -70,7 +82,7 @@
 <field>
 <fielddescr>Traffic Shaping Queue</fielddescr>
 <fieldname>tsq</fieldname>
- <description>Create rules with queue appended, so that data connections can be queued.</description>
+ <description>Create rules with the specified queue appended so that data connections can be queued.</description>
 <type>input</type>
 </field>
 <field> |
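Review bot: The two new `<description>` texts in the second hunk promise "an IP address or alias", but the validation added to ftpproxy.inc also accepts an IPv4 subnet and the generated rules are `inet` only, so the help text leaves out one accepted form and does not say that IPv6 is unsupported. Suggested wording for the source field: `Enter an IPv4 address, IPv4 subnet (CIDR) or alias for source client host(s) which should bypass the proxy.`, with the same change for the destination field. Since a bypass entry exempts traffic from the proxy entirely, it would also help to say that such connections are then handled by the normal firewall rules.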