diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-11-21 23:04:00 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-11-21 23:04:00 +0000 |
commit | 68bf32daaf62dc1a09588d5c5fb98f78d507a04f (patch) | |
tree | be7db0c8d22f8644e562214331af0c4691c2a38e | |
parent | e786fa1ead5e9c9795c246099199bd6c04991875 (diff) | |
download | pfsense-68bf32daaf62dc1a09588d5c5fb98f78d507a04f.zip pfsense-68bf32daaf62dc1a09588d5c5fb98f78d507a04f.tar.gz |
Convert anchors and such over to ftp-proxy.
-rw-r--r-- | etc/inc/config.inc | 6 | ||||
-rw-r--r-- | etc/inc/filter.inc | 18 |
2 files changed, 12 insertions, 12 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 95d2a84..a5dfe8c 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -1717,7 +1717,7 @@ function system_start_ftp_helpers() { for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) $iflist['opt' . $i] = "opt{$i}"; - /* loop through all interfaces and handle pftpx */ + /* loop through all interfaces and handle ftp-proxy */ $interface_counter = 0; if(isset($config['shaper']['enable'])) { if(isset($config['ezshaper']['step5']['p2pcatchall'])) { @@ -1730,7 +1730,7 @@ function system_start_ftp_helpers() { $shaper_queue = ""; } foreach ($iflist as $ifent => $ifname) { - /* if the ftp proxy is disabled for this interface then kill pftpx + /* if the ftp proxy is disabled for this interface then kill ftp-proxy * instance and continue. note that the helpers for port forwards are * launched in a different sequence so we are filtering them out * here by not including -c {$port} -g 8021 first. @@ -1742,7 +1742,7 @@ function system_start_ftp_helpers() { $port = 8021 + $interface_counter; if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { /* item is disabled. lets ++ the interface counter and - * keep processing interfaces. kill pftpx if already + * keep processing interfaces. kill ftp-proxy if already * running for this instance. */ $helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/ */ /g\" | cut -f2 -d\" \""); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 83dda01..4ad1956 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -619,13 +619,13 @@ function filter_nat_rules_generate() { $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); - $natrules .= "nat-anchor \"pftpx/*\"\n"; + $natrules .= "nat-anchor \"ftp-proxy/*\"\n"; $natrules .= "nat-anchor \"natearly/*\"\n"; $natrules .= "nat-anchor \"natrules/*\"\n"; $natrules .= "# FTP proxy\n"; - $natrules .= "rdr-anchor \"pftpx/*\"\n"; + $natrules .= "rdr-anchor \"ftp-proxy/*\"\n"; $natrules .= "rdr-anchor \"tftp-proxy/*\"\n"; update_filter_reload_status("Creating 1:1 rules..."); @@ -932,7 +932,7 @@ function filter_nat_rules_generate() { $iflist['opt' . $i] = "opt{$i}"; $interface_counter = 0; $vpns_list = get_vpns_list(); - /* prevent 1:1 ips from pftpx, they will be handled by ftp-sesame */ + /* prevent 1:1 ips from ftp-proxy, they will be handled by ftp-sesame */ if($config['nat']['onetoone']) foreach ($config['nat']['onetoone'] as $vipent) $onetoone_list .= "{$vipent['internal']} "; @@ -940,7 +940,7 @@ function filter_nat_rules_generate() { $natrules .= "table <onetoonelist> { $onetoone_list }\n"; if($vpns_list) $natrules .= "table <vpns> { $vpns_list }\n"; - /* loop through all interfaces and handle pftpx redirections */ + /* loop through all interfaces and handle ftp-proxy redirections */ foreach ($iflist as $ifent => $ifname) { $ifname_lower = convert_friendly_interface_to_friendly_descr(strtolower($ifname)); $realif = convert_friendly_interface_to_real_interface_name(strtolower($ifname)); @@ -986,7 +986,7 @@ function filter_nat_rules_generate() { $ifname_lower = strtolower(convert_friendly_interface_to_friendly_descr($ifname)); $vpns = get_vpns_list(); /* if the user has defined, include the alias so that we do not redirect ftp - connections across the tunnels to pftpx */ + connections across the tunnels to ftp-proxy */ $int_ip = find_interface_ip($tmp_interface); /* if interface lacks an ip, dont setup a rdr for ftp. they are most likely on a bridged interface */ if($int_ip and $vpns_list) @@ -1106,9 +1106,9 @@ function filter_nat_rules_generate() { if(!$helpers) { if($external_address == "") $external_address = find_interface_ip(get_real_wan_interface()); - /* install a pftpx helper, do not set a rule. also use the delay filter configure run + /* install a ftp-proxy helper, do not set a rule. also use the delay filter configure run * routines because if this is the first bootup the filter is not completely configured - * and thus pf is not fully running. otherwise we end up with: pftpx: pf is disabled + * and thus pf is not fully running. otherwise we end up with: ftp-proxy: pf is disabled */ if(isset($config['shaper']['enable'])) { if(isset($config['ezshaper']['step5']['p2pcatchall'])) { @@ -2769,11 +2769,11 @@ EOD; $ipfrules .= "block in log proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n"; $ipfrules .= "anchor \"ftpproxy\"\n"; - $ipfrules .= "anchor \"pftpx/*\"\n"; + $ipfrules .= "anchor \"ftp-proxy/*\"\n"; $ipfrules .= process_carp_rules(); - $ipfrules .= "\n\n# PFTPX specific\n"; + $ipfrules .= "\n\n# ftp-proxy specific\n"; foreach($used_pftpx_ports as $pftpx) $ipfrules .= "pass in quick on {$pftpx['interface']} inet proto tcp from any to 127.0.0.1 port {$pftpx['port']} keep state label \"FTP PROXY: Allow traffic to localhost\"\n"; |