From b7603875ac7121f963ec5a41c49de42ceb2e249f Mon Sep 17 00:00:00 2001
From: jim-p
Date: Mon, 12 Oct 2015 11:02:44 -0400
Subject: Add an option to the FTP proxy package to allow the firewall rule anchor to be placed before all other rules.
---
 config/ftpproxy/ftpproxy.inc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'config/ftpproxy/ftpproxy.inc')
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
index 386a1d84..cc2aa27a 100644
--- a/config/ftpproxy/ftpproxy.inc
+++ b/config/ftpproxy/ftpproxy.inc
@@ -125,6 +125,11 @@ function ftpproxy_generate_rules($type) {
 global $config;
 $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
 $interface_list = explode(",", $cf['localints']);
+ if ($cf['earlyrule']) {
+ $ruletype = "pfearly";
+ } else {
+ $ruletype = "filter";
+ }

 /* Proxy is not enabled, therefore, no rules/anchors. */
 if ($cf["proxy_enable"] != "on") {
@@ -164,7 +169,7 @@ function ftpproxy_generate_rules($type) {
 $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
 }
 break;
- case "filter":
+ case $ruletype:
 $rules .= "anchor \"ftp-proxy/*\"\n";
 // $rules = "pass out proto tcp from any to any port 21\n";
 break;
-- 
cgit v1.2.3
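Review bot: In the first hunk `$cf['earlyrule']` is tested for bare truthiness with no `isset()` guard, while the existing check a few lines below compares `$cf["proxy_enable"] != "on"`. A configuration saved before this option existed will not carry the key, so the read relies on an undefined index evaluating as false. I would write `$ruletype = (isset($cf['earlyrule']) && $cf['earlyrule'] == "on") ? "pfearly" : "filter";` so that both settings are checked the same way. This assumes the option is a checkbox stored as "on" like `proxy_enable`; the file that defines it is not part of this view, and the function body continues outside the hunk.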
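Review bot: The `case $ruletype:` label in the second hunk makes the placement of `anchor "ftp-proxy/*"` depend on configuration, and nothing at that spot says what this means for the ruleset. With `earlyrule` set the anchor is emitted for the `pfearly` type, and a call with `$type` equal to "filter" then falls through the switch without emitting it. Going by the commit subject this puts the anchor ahead of all other rules, so presumably whatever ftp-proxy loads into it is evaluated before user-defined block rules; that is worth confirming and stating next to the code and in the option's help text. I would add above the case: `/* $ruletype is "pfearly" when earlyrule is set: the anchor is then evaluated before user-defined filter rules, including blocks. */`. The switch and the enclosing function start and end outside the hunk.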