MFC 7042

Do not clear out the ENTIRE nat ruleset by moving the pftpx check above the nat rule construction portion.

1 files changed, 17 insertions, 17 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 4947bd5..5dcf385 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -601,6 +601,23 @@ function filter_nat_rules_generate() {
 			if(alias_expand($extaddr))
 				$extaddr = alias_expand($extaddr);
 
+			/*
+			 *    If FTP Proxy Helper is enbabled and the
+			 *    operator has requested a port forward to
+			 *    a ftp server then launch a helper
+			 */
+			if($target <> "") {
+				if($extport[0] == "21" and !$config['system']['disableftpproxy']) {
+					$helpers = exec("ps aux | grep pftpx | grep {$target}");
+					echo "{$helpers}\n";
+					if(!$helpers) {
+						/* install a pftpx helper, do not set a rule */
+						mwexec_bg("/usr/local/sbin/pftpx -b {$extaddr} -c 21 -f {$target} -g 21");
+						return;
+					}
+				}
+			}
+
 			if ((!$extport[1]) || ($extport[0] == $extport[1])) {
 				if($rule['protocol'] == "tcp/udp")
 					$natrules .=
@@ -618,23 +635,6 @@ function filter_nat_rules_generate() {
 					 "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target} port {$extport[0]}:*";
 			}
 
-			/*
-			 *    If FTP Proxy Helper is enbabled and the
-			 *    operator has requested a port forward to
-			 *    a ftp server then launch a helper
-			 */
-			if($target <> "") {
-				if($extport[0] == "21" and !$config['system']['disableftpproxy']) {
-					$helpers = exec("ps aux | grep pftpx | grep {$target}");
-					echo "{$helpers}\n";
-					if(!$helpers) {
-						/* install a pftpx helper, do not set a rule */
-						mwexec_bg("/usr/local/sbin/pftpx -b {$extaddr} -c 21 -f {$target} -g 21");
-						$natrules = "";
-					}
-				}
-			}
-
 			$natrules .= "\n";
 		}
 	}