authorjim-p <jimp@pfsense.org>2015-03-09 12:59:34 -0400
committerjim-p <jimp@pfsense.org>2015-03-09 12:59:34 -0400
commitbc0029b7199a8df0cfa4cbd0c327f91611b06be2 (patch)
tree685fc3f6831549f5259c3cb313356d77ed5144f7 /config
parent7f128e8c29466441667d43d16dea7c6992f3fe78 (diff)
Add source and destination bypass fields for FTP proxy
Diffstat (limited to 'config')
-rw-r--r--config/ftpproxy/ftpproxy.inc16
-rw-r--r--config/ftpproxy/ftpproxy.xml20
2 files changed, 32 insertions, 4 deletions
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
index 84a6e7cd..7fc54775 100644
--- a/config/ftpproxy/ftpproxy.inc
+++ b/config/ftpproxy/ftpproxy.inc
@@ -75,6 +75,12 @@ function validate_form_ftpproxy($post, &$input_errors) {
if (!empty($post["idletimeout"]) && (is_numeric($post["idletimeout"]) || ($post["idletimeout"] <= 0) || ($post["idletimeout"] > 86400))) {
$input_errors[] = 'You must specify a valid number in the \'Idle Timeout\' field (Between 1 and 86400)';
}
+ if (!empty($post["bypasssrc"]) && !(is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddr($post["bypasssrc"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Source';
+ }
+ if (!empty($post["bypassdst"]) && !(is_alias($post["bypassdst"]) || is_subnetv4($post["bypassdst"]) || is_ipaddr($post["bypassdst"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Destination';
+ }
}
function ftpproxy_get_port() {
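Review bot: The two added checks accept anything `is_ipaddr()` accepts, but every rule built from these fields in ftpproxy_generate_rules is an `inet` (IPv4-only) rule. If `is_ipaddr()` also returns true for IPv6 addresses, as I believe it does in pfSense's util.inc, an IPv6 value passes validation and ends up in a rule that pf may refuse to load. Using `is_ipaddrv4($post["bypasssrc"])` in place of `is_ipaddr(...)` for both fields keeps validation and rule generation in agreement; the same substitution applies to the `is_ipaddr()` calls in the ftpproxy_generate_rules hunk. The error strings should also say that a subnet is accepted, e.g. `'You must specify a valid IPv4 address, subnet or alias for Proxy Bypass: Source'`. The body of validate_form_ftpproxy starts outside this hunk.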
@@ -117,6 +123,16 @@ function ftpproxy_generate_rules($type) {
if (empty($interface)) {
continue;
}
+ if (is_subnetv4($cf["bypasssrc"]) || is_ipaddr($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from {$cf['bypasssrc']} to any port 21\n";
+ } elseif (is_alias($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from \${$cf['bypasssrc']} to any port 21\n";
+ }
+ if (is_subnetv4($cf["bypassdst"]) || is_ipaddr($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to {$cf['bypassdst']} port 21\n";
+ } elseif (is_alias($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to \${$cf['bypassdst']} port 21\n";
+ }
$rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
}
break;
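Review bot: The alias branches emit `\${$cf['bypasssrc']}` and `\${$cf['bypassdst']}` in the address position after only an `is_alias()` test, which does not appear to distinguish host or network aliases from port aliases. A port alias saved in either field would produce a `no rdr` line that is not a valid address match, and a rejected line in the generated NAT rules can affect loading of the rest of the ruleset. The alias type should be limited to host or network aliases where the value is validated and checked again here before the rule is written. The fields are also read without a guard, so configurations saved before this change pass an unset key to the validators; wrapping each pair in `if (!empty($cf["bypasssrc"])) { ... }` would make that case explicit. The function and its loop begin outside the hunk.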
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
index cb5c6f51..5bd123dc 100644
--- a/config/ftpproxy/ftpproxy.xml
+++ b/config/ftpproxy/ftpproxy.xml
@@ -1,6 +1,6 @@
<packagegui>
<name>FTP Client Proxy</name>
- <version>0.1</version>
+ <version>0.2</version>
<title>FTP Client Proxy</title>
<aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
<include_file>/usr/local/pkg/ftpproxy.inc</include_file>
@@ -52,13 +52,25 @@
<field>
<fielddescr>Source Address</fielddescr>
<fieldname>sourceaddr</fieldname>
- <description>Enter a VIP to be the source of outgoing control traffic.</description>
+ <description>Enter a VIP to be the source of outgoing control traffic. Leave blank to use the default WAN IP address.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Source</fielddescr>
+ <fieldname>bypasssrc</fieldname>
+ <description>Enter an IP address or alias for source client host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Destination</fielddescr>
+ <fieldname>bypassdst</fieldname>
+ <description>Enter an IP address or alias for destination server host(s) which should bypass the proxy.</description>
<type>input</type>
</field>
<field>
<fielddescr>Bind Port (Default: 8021)</fielddescr>
<fieldname>bindport</fieldname>
- <description>Port where the proxy will listen for redirected connections.</description>
+ <description>Port where the proxy will listen for redirected connections. Do not set this to 21.</description>
<type>input</type>
</field>
<field>
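Review bot: The descriptions for `bypasssrc` and `bypassdst` say "IP address or alias", while the validation added in ftpproxy.inc also accepts an IPv4 subnet and the generated rules are `inet` only. The help text should say so, e.g. `Enter an IPv4 address, subnet (CIDR) or alias for source client host(s) which should bypass the proxy.` and the matching wording for the destination field. Separately, "Do not set this to 21" on Bind Port is advisory only as far as this diff shows; if validate_form_ftpproxy does not already reject 21, enforcing it there would be safer than relying on the description.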
@@ -70,7 +82,7 @@
<field>
<fielddescr>Traffic Shaping Queue</fielddescr>
<fieldname>tsq</fieldname>
- <description>Create rules with queue appended, so that data connections can be queued.</description>
+ <description>Create rules with the specified queue appended so that data connections can be queued.</description>
<type>input</type>
</field>
<field>