diff options
| author | Bill Marquette <billm@pfsense.org> | 2005-03-04 16:44:03 +0000 |
|---|---|---|
| committer | Bill Marquette <billm@pfsense.org> | 2005-03-04 16:44:03 +0000 |
| commit | 38560a2579ca902dfcf6a27f0f0ec2c59cf21972 (patch) | |
| tree | 50d965ae6246de8a8e1d7341fc8d5c82e57482db /usr | |
| parent | 7fbc79b1f90d8f05ac58c74727f36bff855343c7 (diff) | |
| download | pfsense-38560a2579ca902dfcf6a27f0f0ec2c59cf21972.zip pfsense-38560a2579ca902dfcf6a27f0f0ec2c59cf21972.tar.gz | |
Make RFC959 data port workaround configurable - default to disabled
Diffstat (limited to 'usr')
| -rwxr-xr-x | usr/local/www/system_advanced.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php index 65bc8ae5..684047d 100755 --- a/usr/local/www/system_advanced.php +++ b/usr/local/www/system_advanced.php @@ -35,6 +35,7 @@ require("guiconfig.inc"); $pconfig['disablefilter'] = $config['system']['disablefilter']; $pconfig['disableftpproxy'] = $config['system']['disableftpproxy']; +$pconfig['rfc959workaround'] = $config['system']['rfc959workaround']; $pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']); $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; @@ -83,9 +84,13 @@ if ($_POST) { } if($_POST['disableftpproxy'] == "yes") { $config['system']['disableftpproxy'] = "enabled"; + unset($config['system']['rfc959workaround']); } else { unset($config['system']['disableftpproxy']); } + if($_POST['rfc959workaround'] == "yes") { + $config['system']['rfc959workaround'] = "enabled"; + } $config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false; $config['diag']['ipv6nat']['enable'] = $_POST['ipv6nat_enable'] ? true : false; $config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr']; @@ -312,6 +317,12 @@ function enable_change(enable_over) { <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)"> <strong class="vexpl">Disable the userland FTP-Proxy application</strong><br> </tr> + <tr> + <td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td> + <td width="78%" class="vtable"> + <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)"> + <strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typicaly port 20). This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong><br> + </tr> <tr> <td width="22%" valign="top" class="vncell">Traffic Shaper Scheduler</td> |
