From b7603875ac7121f963ec5a41c49de42ceb2e249f Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 12 Oct 2015 11:02:44 -0400 Subject: Add an option to the FTP proxy package to allow the firewall rule anchor to be placed before all other rules. --- config/ftpproxy/ftpproxy.inc | 7 ++++++- config/ftpproxy/ftpproxy.xml | 9 ++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc index 386a1d84..cc2aa27a 100644 --- a/config/ftpproxy/ftpproxy.inc +++ b/config/ftpproxy/ftpproxy.inc @@ -125,6 +125,11 @@ function ftpproxy_generate_rules($type) { global $config; $cf = $config['installedpackages']['ftpclientproxy']['config'][0]; $interface_list = explode(",", $cf['localints']); + if ($cf['earlyrule']) { + $ruletype = "pfearly"; + } else { + $ruletype = "filter"; + } /* Proxy is not enabled, therefore, no rules/anchors. */ if ($cf["proxy_enable"] != "on") { @@ -164,7 +169,7 @@ function ftpproxy_generate_rules($type) { $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n"; } break; - case "filter": + case $ruletype: $rules .= "anchor \"ftp-proxy/*\"\n"; // $rules = "pass out proto tcp from any to any port 21\n"; break; diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml index 53740832..d45e4eb6 100644 --- a/config/ftpproxy/ftpproxy.xml +++ b/config/ftpproxy/ftpproxy.xml @@ -41,7 +41,7 @@ ]]> FTP Client Proxy - 0.2.2 + 0.3 FTP Client Proxy pkg_edit.php?xml=ftpproxy.xml /usr/local/pkg/ftpproxy.inc @@ -86,6 +86,13 @@ + + Early Firewall Rule + earlyrule + Check this box to move the automatically added FTP rules higher in the ruleset to bypass explicit blocks. Helps allow passive FTP to arbitrary destinations, but FTP will always be allowed outbound when checked. + checkbox + off + Anonymous Only anononly -- cgit v1.2.3 From 8bf072f84eaf475ab344fb6b9264c6d02cec677f Mon Sep 17 00:00:00 2001 
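Review bot: The added `if ($cf['earlyrule'])` in the first ftpproxy.inc hunk is a bare truthiness test, while the context line just below it compares explicitly with `$cf["proxy_enable"] != "on"`. Any non-empty stored value would select `pfearly`, including a literal "off" if the form's default is ever persisted. That choice puts the `ftp-proxy/*` anchor ahead of explicit block rules, as the option's own description in ftpproxy.xml says, so the test should fail closed: `if ($cf['earlyrule'] == "on") {`. Whether the checkbox can actually store "off" is not visible here, so treat this as a consistency and hardening change; the `case $ruletype:` in the next hunk depends on the same value. ftpproxy_generate_rules() begins and ends outside the hunk.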
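Review bot: `case $ruletype:` in the second ftpproxy.inc hunk has no comment, and a variable case label hides that the anchor is now emitted for exactly one of the two rule types. A short comment above it would make the security-relevant placement explicit, for example `/* Anchor is emitted once: in pfearly (ahead of user block rules) when earlyrule is set, otherwise in filter. */`. The commented-out `pass out` line kept under the case is dead code and could be dropped in the same change. The enclosing switch begins and ends outside the hunk, so what happens to the unmatched type is not visible here.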
From: doktornotor Date: Mon, 12 Oct 2015 18:06:09 +0200 Subject: Fit the package manager idiocy with trailing slash Seriously, people? It cannot handle this and mangles things includesquid_antivirus_status.inc and widgetssquid_antivirus_status.widget.php? Kindly fix the thing. --- config/squid3/34/squid.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index f0289e6e..a7b53fca 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -128,7 +128,7 @@ https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.inc - /usr/local/www/widgets/include + /usr/local/www/widgets/include/ https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.inc @@ -204,7 +204,7 @@ - /usr/local/www/widgets/widgets + /usr/local/www/widgets/widgets/ https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.widget.php -- cgit v1.2.3