From bc0029b7199a8df0cfa4cbd0c327f91611b06be2 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Mon, 9 Mar 2015 12:59:34 -0400
Subject: Add source and destination bypass fields for FTP proxy
---
config/ftpproxy/ftpproxy.inc | 16 ++++++++++++++++
config/ftpproxy/ftpproxy.xml | 20 ++++++++++++++++----
2 files changed, 32 insertions(+), 4 deletions(-)
(limited to 'config')
diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc
index 84a6e7cd..7fc54775 100644
--- a/config/ftpproxy/ftpproxy.inc
+++ b/config/ftpproxy/ftpproxy.inc
@@ -75,6 +75,12 @@ function validate_form_ftpproxy($post, &$input_errors) {
 if (!empty($post["idletimeout"]) && (is_numeric($post["idletimeout"]) || ($post["idletimeout"] <= 0) || ($post["idletimeout"] > 86400))) {
 $input_errors[] = 'You must specify a valid number in the \'Idle Timeout\' field (Between 1 and 86400)';
 }
+ if (!empty($post["bypasssrc"]) && !(is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddr($post["bypasssrc"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Source';
+ }
+ if (!empty($post["bypassdst"]) && !(is_alias($post["bypassdst"]) || is_subnetv4($post["bypassdst"]) || is_ipaddr($post["bypassdst"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Destination';
+ }
 }
 function ftpproxy_get_port() {
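Review bot: Both new checks accept whatever `is_ipaddr()` accepts, but the rules built from these fields in `ftpproxy_generate_rules()` (second hunk, same `is_ipaddr()` test) are all written with `inet`, so the two disagree on address family if `is_ipaddr()` also matches IPv6, as I believe pfSense's stock helper does. A value that passes the form but cannot appear in an `inet` rule risks a ruleset that pf refuses to load, and on a firewall that can mean the previous rules stay active while the GUI shows the new settings. I would restrict both hunks to IPv4, e.g. `is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddrv4($post["bypasssrc"])`, and the same for `bypassdst`. `is_alias()` is not defined on this page; if it also returns true for port aliases, those should be rejected here too, since the value lands in an address position. validate_form_ftpproxy begins above the hunk.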
@@ -117,6 +123,16 @@ function ftpproxy_generate_rules($type) {
 if (empty($interface)) {
 continue;
 }
+ if (is_subnetv4($cf["bypasssrc"]) || is_ipaddr($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from {$cf['bypasssrc']} to any port 21\n";
+ } elseif (is_alias($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from \${$cf['bypasssrc']} to any port 21\n";
+ }
+ if (is_subnetv4($cf["bypassdst"]) || is_ipaddr($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to {$cf['bypassdst']} port 21\n";
+ } elseif (is_alias($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to \${$cf['bypassdst']} port 21\n";
+ }
 $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
 }
 break;
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
index cb5c6f51..5bd123dc 100644
--- a/config/ftpproxy/ftpproxy.xml
+++ b/config/ftpproxy/ftpproxy.xml
@@ -1,6 +1,6 @@ FTP Client Proxy - 0.1 + 0.2 FTP Client Proxy pkg_edit.php?xml=ftpproxy.xml /usr/local/pkg/ftpproxy.inc
@@ -52,13 +52,25 @@ Source Address sourceaddr - Enter a VIP to be the source of outgoing control traffic. + Enter a VIP to be the source of outgoing control traffic. Leave blank to use the default WAN IP address. + input + + + Proxy Bypass: Source + bypasssrc + Enter an IP address or alias for source client host(s) which should bypass the proxy. + input + + + Proxy Bypass: Destination + bypassdst + Enter an IP address or alias for destination server host(s) which should bypass the proxy. input Bind Port (Default: 8021) bindport - Port where the proxy will listen for redirected connections. + Port where the proxy will listen for redirected connections. Do not set this to 21. input
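Review bot: The new `no rdr` lines in ftpproxy_generate_rules() only take effect because they are appended before the `rdr pass` line for the same interface, and nothing in the block records that dependency. pf stops at the first matching translation rule, so a later reordering would quietly send the bypassed hosts back through the proxy. I would add a comment above the first new `if`, e.g. `// Bypass rules must precede the rdr below: pf uses the first matching translation rule.` A second comment line could note that bypassed connections lose the implicit pass of `rdr pass`, so they are subject to the ordinary filter rules and get no data-connection handling from the proxy. The enclosing loop and function start and end outside the hunk.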
@@ -70,7 +82,7 @@ Traffic Shaping Queue tsq - Create rules with queue appended, so that data connections can be queued. + Create rules with the specified queue appended so that data connections can be queued. input -- cgit v1.2.3