authorScott Ullrich <sullrich@pfsense.org>2006-02-19 21:45:00 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-02-19 21:45:00 +0000
commitea51b89747524d4dfd39af943d75d3d84e5fc1ff (patch)
tree4898753c34716ec1ca063a9d54ad92a7f4993f77 /etc
parentba86cc01a17cb803f41fd7642ddb358869034dc8 (diff)
Do not redirect connections across ipsec vpns through PFTPX.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc26
1 files changed, 25 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0d41dd2..b4cf0b5 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -268,6 +268,22 @@ function filter_generate_aliases() {
return $aliases;
}
+function get_vpns_list() {
+ global $config;
+ /* build list of vpns */
+ $vpns = "";
+ $isfirst = true;
+ if($config['ipsec']['tunnel']) {
+ foreach($config['ipsec']['tunnel'] as $tunnel) {
+ if($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $tunnel['remote-subnet'];
+ $isfirst = false;
+ }
+ }
+ return $vpns;
+}
+
function generate_optcfg_array(& $optcfg) {
global $config;
if(isset($config['system']['developerspew'])) {
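Review bot: In get_vpns_list(), each `$tunnel['remote-subnet']` is appended unchecked to a string that the second hunk interpolates into the pf ruleset. An unset or malformed value would produce a rule pf may refuse to load, or an exclusion that does not match what the administrator intended. Skip entries that are empty or do not parse as a network, for example `if (empty($tunnel['remote-subnet'])) continue;` plus a CIDR format check before the append. The guard `if($config['ipsec']['tunnel'])` would also be safer as `if (is_array($config['ipsec']['tunnel']))`, so that a scalar value never reaches `foreach`. If tunnels can be marked disabled in this config (not visible here), it is worth deciding whether their subnets should still be excluded from the redirect.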
@@ -573,7 +589,15 @@ function filter_nat_rules_generate() {
}
$tmp_port = 8021 + $interface_counter;
$tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
- $natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+ $vpns = get_vpns_list();
+ /* if the user has defined, include the alias so that we do not redirect ftp
+ connections across the tunnels to pftpx */
+ $vpns_list = get_vpns_list();
+ if($vpns_list)
+ $vpns = "{ ! $vpns_list }";
+ else
+ $vpns = "any";
+ $natrules .= "rdr on {$tmp_interface} proto tcp from any to {$vpns} port 21 -> 127.0.0.1 port {$tmp_port}\n";
$interface_counter++;
}
$natrules .= "\n";
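Review bot: With more than one tunnel, `{ ! $vpns_list }` puts a single `!` in front of a space-separated list, so only the first subnet is negated. pf expands a brace list into one rule per element, so this most likely becomes `to ! A` plus `to B`, and FTP traffic bound for the second tunnel's subnet is still redirected to pftpx. Negating every element would not help either, since each expanded rule would match the other subnets. A table avoids the expansion: emit `table <vpns> { $vpns_list }` once before the loop (table name illustrative) and use `$vpns = $vpns_list ? "! <vpns>" : "any";` here. The first `$vpns = get_vpns_list();` is overwritten a few lines later and can be dropped, and the list could be computed once outside the loop. The loop and filter_nat_rules_generate() start and end outside this hunk.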