-rw-r--r--conf.default/config.xml1
-rw-r--r--etc/inc/config.inc97
-rw-r--r--etc/inc/filter.inc157
-rw-r--r--etc/inc/pfsense-utils.inc3
-rw-r--r--etc/inc/shaper.inc31
-rw-r--r--etc/phpshellsessions/restartftphelper16
-rwxr-xr-xetc/rc.bootup5
-rwxr-xr-xsbin/dhclient-script3
-rwxr-xr-xusr/local/www/firewall_nat.php7
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php31
-rwxr-xr-xusr/local/www/firewall_nat_edit.php39
-rwxr-xr-xusr/local/www/interfaces.php22
-rw-r--r--usr/local/www/system_advanced_firewall.php12
13 files changed, 7 insertions, 417 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index 68ce2e1..adcb5e5 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -199,7 +199,6 @@
<gateway></gateway>
<blockpriv/>
<blockbogons/>
- <disableftpproxy/>
<dhcphostname></dhcphostname>
<media></media>
<mediaopt></mediaopt>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index eb2daaa..c3cef03 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1181,101 +1181,6 @@ EOD;
}
}
-function system_start_ftp_helpers() {
- require_once("interfaces.inc");
- global $config, $g;
-
- mwexec("/usr/bin/killall ftpsesame", true);
-
- /* if list */
- $iflist = get_configured_interface_list();
-
- /* loop through all interfaces and handle ftp-proxy */
- $interface_counter = 0;
- foreach ($iflist as $ifent => $ifname) {
-
- if(interface_has_gateway($ifname)) {
- $interface_counter++;
- continue;
- }
- /* if the ftp proxy is disabled for this interface then kill ftp-proxy
- * instance and continue. note that the helpers for port forwards are
- * launched in a different sequence so we are filtering them out
- * here by not including -c {$port} -g 8021 first.
- */
-
- /* Get the ftp queue for this interface */
- if (isset($config['shaper'][$ifname]['ftpqueue']))
- $shaper_queue = $config['interfaces'][$ifname]['ftpqueue'];
-
- $port = 8021 + $interface_counter;
- if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
- /* item is disabled. lets ++ the interface counter and
- * keep processing interfaces. kill ftp-proxy if already
- * running for this instance.
- */
- if($g['debug'])
- log_error("Config: FTP proxy disabled for interface {$ifent}");
-
- $helpers = array();
- exec("/bin/ps awwux | /usr/bin/grep \"[/]ftp-proxy\" | /usr/bin/grep \"{$port}\" | /usr/bin/awk '{ print $2 }'", $helpers);
- if(count($helpers > 0)) {
- mwexec("/bin/kill {$helpers[0]}");
- }
- $interface_counter++;
- } else {
- /* grab the current interface IP address */
- $int = convert_friendly_interface_to_real_interface_name($ifname);
- $ip = find_interface_ip($int);
- /* are we in routed mode? no source nat rules and not a outside interface? */
- /* If we have advanced outbound nat we skip the FTP proxy, we use ftpsesame */
- if((isset($config['nat']['advancedoutbound']['enable'])) && (! interface_has_gateway($ifname))) {
- $sourcenat = 0;
- /* we are using advanced outbound nat, are we in routing mode? */
- /* if the interface address lies within a outbound NAT source network we should skip */
- if(! empty($config['nat']['advancedoutbound']['rule'])) {
- foreach($config['nat']['advancedoutbound']['rule'] as $natnetwork) {
- if(ip_in_subnet($ip, $natnetwork['source']['network'])) {
- /* if the interface address is matched in the AON Rule we need the ftp proxy */
- if(is_ipaddr($natnetwork['target']) && ($natnetwork['interface'] == "wan")) {
- $pftpxsourceaddr = "-a {$natnetwork['target']}";
- if($g['debug'])
- log_error("Config: AON: using the external ip source {$pftpxsourceaddr} for the ftp proxy");
- }
- $sourcenat++;
- }
- }
- }
- if($sourcenat == 0) {
- if($g['debug'])
- log_error("Config: No AON rule matched for interface {$ifname} - not using FTP proxy");
- mwexec("/usr/local/sbin/ftpsesame -i $int");
- $interface_counter++;
- continue;
- } else {
- if($g['debug'])
- log_error("Config: AON rule matched for interface {$ifname} - using FTP proxy");
- }
- }
- /* if ftp-proxy is already running then do not launch it again */
- if($g['debug']) {
- log_error("Config: FTP proxy port ($port) enabled for interface {$ifname}");
- }
- $helpers = array();
- exec("/bin/ps awwux | /usr/bin/grep \"[/]ftp-proxy\" | /usr/bin/grep \"{$port}\" | /usr/bin/grep \"{$pftpxsourceaddr}\" | /usr/bin/awk '{ print $2 }'", $helpers);
- if(!$helpers && $ip)
- mwexec("/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port} {$pftpxsourceaddr} {$ip} -T PFFTPPROXY");
- if(!$ip)
- mwexec("/usr/local/sbin/ftpsesame {$shaper_queue} -i $int");
- $interface_counter++;
- }
- }
- /* support bridged interfaces. even they need ftp mojo */
- if (is_array($config['bridges']['bridged']))
- foreach($config['bridges']['bridged'] as $bridge)
- mwexec("/usr/local/sbin/ftpsesame {$shaper_queue} -i {$bridge['bridgeif']}");
-}
-
function cleanup_backupcache($revisions = 30) {
global $g;
$i = false;
@@ -1463,4 +1368,4 @@ function set_device_perms() {
if($g['booting']) echo ".";
$config = parse_config();
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 4159321..95f7824 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -242,7 +242,6 @@ function filter_configure_sync() {
run_plugins("/usr/local/pkg/pf/");
update_filter_reload_status("Plugins completed.");
}
- system_start_ftp_helpers();
/* if time based rules are enabled then swap in the set */
if($time_based_rules == true) {
tdr_install_cron(true);
@@ -396,7 +395,6 @@ function generate_optcfg_array()
$oic['descr'] = $ifdetail;
$oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
$oic['nonat'] = $oc['nonat'];
- $oic['ftpproxy'] = !isset($oc['disableftpproxy']);
$oic['alias-address'] = $oc['alias-address'];
$oic['alias-subnet'] = $oc['alias-subnet'];
$oic['gateway'] = $oc['gateway'];
@@ -531,69 +529,13 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
return $natrule;
}
-function is_one_to_one_or_server_nat_rule($iptocheck)
-{
- global $config, $target;
- if(isset($config['system']['developerspew'])) {
- $mt = microtime();
- echo "is_one_to_one_or_server_nat_rule() being called $mt\n";
- }
- if($config['nat']['onetoone'] <> "")
- foreach($config['nat']['onetoone'] as $onetoone) {
- if(ip_in_subnet($iptocheck,$onetoone['internal']."/".$onetoone['subnet']) == true)
- return true;
- if($onetoone['internal'] == $target)
- return true;
- }
- if($config['nat']['servernat'] <> "")
- foreach($config['nat']['servernat'] as $onetoone) {
- $int = explode("/", $onetoone['ipaddr']);
- if(ip_in_subnet($iptocheck,$onetoone['ipaddr']."/".$onetoone['subnet']) == true)
- return true;
- if($onetoone['ipaddr'] == $target)
- return true;
- }
- if($config['nat']['rule'] <> "")
- foreach($config['nat']['rule'] as $onetoone) {
- $int = explode("/", $onetoone['target']);
- if(ip_in_subnet($iptocheck,$onetoone['target']."/".$onetoone['subnet']) == true)
- return true;
- if($onetoone['target'] == $target)
- return true;
- }
- return FALSE;
-}
-
function filter_nat_rules_generate()
{
global $config, $g, $after_filter_configure_run, $FilterIflist;
- $natrules .= "nat-anchor \"ftp-proxy/*\"\n";
$natrules .= "nat-anchor \"natearly/*\"\n";
$natrules .= "nat-anchor \"natrules/*\"\n\n";
update_filter_reload_status("Creating 1:1 rules...");
- /* Traverse looking for 1:1 rules that have useftphelper enabled
- * This will prevent NAT from occurring and ftp-proxy should pick up the rest.
- */
- if (is_array($config['nat']['onetoone']))
- foreach($config['nat']['onetoone'] as $one) {
- if($one['useftphelper']) {
- $int = $FilterIflist[$one['interface']]['if'];
- $external_address = $one['external'];
- $internal_address = $one['internal'];
- if($int && $external_address && $internal_address) {
- $natrules .= "# FTP Helper binat\n";
- $natrules .= "no binat on {$int} proto tcp from any to {$external_address} port 21\n";
- $helpers = exec("/bin/ps awux | /usr/bin/grep \"p 21 -R {$internal_address} -b {$external_address}\" | /usr/bin/grep -v grep");
- if(!$helpers) {
- /* Get the ftp queue for this interface */
- if (isset($config['interfaces'][$rule['interface']]['ftpqueue']))
- $shaper_queue = "-q " . $config['interfaces'][$rule['interface']]['ftpqueue'];
- /* else default queue configured on shaper will get this */
- $after_filter_configure_run[] = "/usr/local/sbin/ftp-proxy -p 21 -R {$internal_address} -b {$external_address} -T PFFTPPROXY {$shaper_queue}";
- }
- }
- }
- }
+
/* any 1:1 mappings? */
if (is_array($config['nat']['onetoone'])) {
foreach ($config['nat']['onetoone'] as $natent) {
@@ -743,85 +685,17 @@ function filter_nat_rules_generate()
$natrules .= "\n# Load balancing anchor\n";
$natrules .= "rdr-anchor \"relayd/*\"\n";
- update_filter_reload_status("Setting up FTP helper");
- $natrules .= "# FTP proxy\n";
- $natrules .= "rdr-anchor \"ftp-proxy/*\"\n";
+ update_filter_reload_status("Setting up TFTP helper");
+ $natrules .= "# TFTP proxy\n";
$natrules .= "rdr-anchor \"tftp-proxy/*\"\n";
- $natrules .= "\n";
$interface_counter = 0;
$vpns_list = get_vpns_list();
$direct_networks_list = get_direct_networks_list();
- /* prevent 1:1 ips from ftp-proxy, they will be handled by ftp-sesame */
- if($config['nat']['onetoone'])
- foreach ($config['nat']['onetoone'] as $vipent)
- $onetoone_list .= "{$vipent['internal']} ";
- if($onetoone_list)
- $natrules .= "table <onetoonelist> { $onetoone_list }\n";
if($vpns_list)
$natrules .= "table <vpns> { $vpns_list }\n";
if($direct_networks_list)
$natrules .= "table <direct_networks> { $direct_networks_list }\n";
- /* loop through all interfaces and handle ftp-proxy redirections */
- foreach ($FilterIflist as $ifent => $ifcfg) {
- if ($ifcfg['ftpproxy'] == false) {
- if($g['debug'])
- log_error("Filter: FTP proxy disabled for interface {$ifcfg['descr']} - ignoring.");
- $interface_counter++;
- continue;
- }
- $realif = $ifcfg['if'];
- $int_ip = $ifcfg['ip'];
- if (!is_ipaddr($int_ip))
- continue;
-
- /* are we in routed mode? no source nat rules and not a outside interface? */
- /* If advanced outbound nat enabled skip FTP proxy, we use ftpsesame */
- if ((isset($config['nat']['advancedoutbound']['enable'])) &&
- (! interface_has_gateway($ifent))) {
- $sourcenat = 0;
- /* we are using advanced outbound nat, are we in routing mode? */
- /* if the interface address lies within a outbound NAT source network we should skip */
- if (! empty($config['nat']['advancedoutbound']['rule'])) {
- /* if interface address is matched in the AON Rule we need the ftp proxy */
- foreach($config['nat']['advancedoutbound']['rule'] as $natnetwork)
- if(ip_in_subnet($int_ip, $natnetwork['source']['network']))
- $sourcenat++;
- }
- if($sourcenat == 0) {
- if($g['debug'])
- log_error("Filter: No AON rule matched for interface {$ifcfg['descr']} - not using the FTP proxy");
- $interface_counter++;
- continue;
- } else {
- if($g['debug'])
- log_error("Filter: AON Rule matched for interface {$ifcfg['descr']} - using FTP proxy");
- }
- }
-
- /* if the user has defined, include the alias so that we do not redirect ftp
- * connections across the tunnels to ftp-proxy
- *
- * if interface lacks an ip, dont setup a rdr for ftp.
- * they are most likely on a bridged interface
- */
- if($vpns_list) {
- $natrules .= "no rdr on $realif proto tcp from any to <vpns> port 21\n";
- $natrules .= "no rdr on $realif proto {tcp,udp} from any to <vpns> port tftp\n";
- if($onetoone_list) {
- $natrules .= "no rdr on $realif proto tcp from <onetoonelist> to any port 21\n";
- $natrules .= "no rdr on $realif proto udp from <onetoonelist> to any port tftp\n";
- }
- }
- $tmp_port = 8021 + $interface_counter;
- if($g['debug'])
- log_error("Filter: FTP proxy port ($tmp_port) enabled for interface {$ifcfg['descr']}");
-
- $natrules .= "rdr on $realif proto tcp from any to any port 21 tag PFFTPPROXY -> 127.0.0.1 port {$tmp_port}\n";
- $natrules .= "rdr on $realif proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969\n";
- $interface_counter++;
- }
- $natrules .= "\n";
/* DIAG: add ipv6 NAT, if requested */
if (isset($config['diag']['ipv6nat']['enable']) &&
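Review bot: The TFTP redirect is deleted together with the FTP loop, yet the new lines still report "Setting up TFTP helper" and emit the `tftp-proxy/*` rdr-anchor. The removed `rdr on $realif proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969` was the only rule visible in this hunk that steered TFTP traffic to the proxy. If nothing outside the hunk populates that anchor, the TFTP helper will silently stop receiving traffic, so either keep a per-interface TFTP rdr or confirm where the anchor is filled. `$interface_counter = 0;` is also left behind with no remaining use in the visible lines and can be dropped. filter_nat_rules_generate() starts and ends outside this hunk.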
@@ -1751,8 +1625,6 @@ function filter_rules_generate()
if(is_ipaddr($cp_interface_ip) and $cp_interface_real)
$ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n";
}
- /* ftp-sesame */
- $ipfrules .= "anchor \"ftpsesame/*\" \n";
/* relayd */
$ipfrules .= "anchor \"relayd/*\"\n";
# BEGIN OF firewall rules
@@ -2005,29 +1877,6 @@ anchor "packagelate"
EOD;
- $ipfrules .= "\nanchor \"ftp-proxy/*\"\n";
- if(!isset($config['system']['disableftpproxy'])) {
- $ipfrules .= "\n# enable ftp-proxy\n";
- $ipfrules .= "pass in inet proto tcp tagged PFFTPPROXY flags S/SA keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
-
- if (isset($config['system']['rfc959workaround'])) {
- $ipfrules .= <<<EODEOD
-# Fix sites that violate RFC 959 which specifies that the data connection
-# be sourced from the command port - 1 (typically port 20)
-# This workaround doesn't expose us to any extra risk as we'll still only allow
-# connections to the firewall on a port that ftp-proxy is listening on
-
-EODEOD;
- foreach ($FilterIflist as $ftpif => $ftpifcfg) {
- if ($ftpifcfg['ftpproxy'] == true)
- $ipfrules .= <<<EOD
-pass in quick on {$ftpifcfg['if']} inet proto tcp from port 20 to ({$ftpifcfg['if']}) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
-
-EOD;
- }
- }
- }
-
if (isset($config['filter']['rule'])) {
$load_ipfw_module = false;
/* Pre-cache all our rules so we only have to generate them once */
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 66cca75..188df75 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -2695,9 +2695,6 @@ function reload_all_sync() {
/* start the NTP client */
system_ntp_configure();
- /* start ftp proxy helpers if they are enabled */
- system_start_ftp_helpers();
-
/* start the captive portal */
captiveportal_configure();
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 57ec851..a2456b3 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -200,12 +200,6 @@ function cleanup_queue_from_rules($queue)
if ($rule['ackqueue'] == $queue)
unset($rule['ackqueue']);
}
- foreach ($config['interfaces'] as $if => $ifdata) {
- if ($ifdata['ftpqueue'] == $queue) {
- unset($config['interfaces'][$if]['ftpqueue']);
- break;
- }
- }
}
function cleanup_dnqueue_from_rules($queue)
@@ -957,8 +951,6 @@ function GetEcn() {
$this->SetQPriority($q['priority']);
if (isset($q['description']) && $q['description'] != "")
$this->SetDescription($q['description']);
- if (isset($q['ftpqueue']) && $q['ftpqueue'] <> "")
- set_is_ftp_queue($this->GetInterface(), $this->GetQname());
$this->SetRed($q['red']);
$this->SetRio($q['rio']);
$this->SetEcn($q['ecn']);
@@ -1071,12 +1063,6 @@ function GetEcn() {
$form .= "<input type=\"checkbox\" id=\"default\" name=\"default\"";
$form .= "> Default queue<br>";
}
- /* XXX: TODO Add check to disable this if it has been set on another queue on this interface. */
- $form .= "<input type=\"checkbox\" id=\"ftpqueue\" name=\"ftpqueue\" ";
- if (get_is_ftp_queue($this->GetInterface(), $this->GetQname()))
- $form .= " CHECKED";
- $form .= ">Use this queue for the ftp proxy<br>";
- /* XXX: TODO */
$form .= "<input type=\"checkbox\" id=\"red\" name=\"red\"";
if($this->GetRed())
$form .= " CHECKED";
@@ -3544,23 +3530,6 @@ function &get_unique_dnqueue_list() {
return $qlist;
}
-function get_is_ftp_queue($interface, $qname) {
- global $config;
-
- if (isset($config['interfaces'][$interface]['ftpqueue']) &&
- $config['interfaces'][$interface]['ftpqueue'] == $qname)
- return true;
- return false;
-}
-
-function set_is_ftp_queue($interface, $qname) {
- global $config;
-
- if (!is_array($config['interfaces'][$interface]['ftpqueue']))
- $config['interfaces'][$interface]['ftpqueue'] = array();
- $config['interfaces'][$interface]['ftpqueue'] = $qname;
-}
-
function ref_on_altq_queue_list($parent, $qname) {
if (isset($GLOBALS['queue_list'][$qname]))
$GLOBALS['queue_list'][$qname]++;
diff --git a/etc/phpshellsessions/restartftphelper b/etc/phpshellsessions/restartftphelper
deleted file mode 100644
index 61c8803..0000000
--- a/etc/phpshellsessions/restartftphelper
+++ /dev/null
@@ -1,16 +0,0 @@
-! echo "===> Beginning restartftphelper."
-! echo "Killing ftp-proxy if started..."
-= killall ftp-proxy
-! echo "Killing pftpx if started..."
-= killall pftpx
-! echo "Killing ftpsesame if started..."
-= killall ftpsesame
-! echo "Running php function system_start_ftp_helpers()..."
-system_start_ftp_helpers();
-! echo "Checking if ftp-proxy is running..."
-= ps awux | grep "ftp-proxy"
-! echo "Checking if pftpx is running..."
-= ps awux | grep "pftpx"
-! echo "Checking if ftpsesame is running..."
-= ps awux | grep "ftpsesame"
-! echo "===> End of restartftphelper."
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 53bcf1f..b19bf41 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -225,11 +225,6 @@
/* start IPsec tunnels */
vpn_ipsec_configure();
- /* start ftp proxy helpers if they are enabled */
- echo "Starting FTP helpers...";
- system_start_ftp_helpers();
- echo "done.\n";
-
/* start SNMP service */
services_snmpd_configure();
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 0ad09f7..4a0659a 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -66,9 +66,6 @@ add_new_address() {
$LOGGER "Starting add_new_address()"
- # Kill off old pftpx process.
- kill `ps awux | grep "pftpx -b" | grep -v grep | grep $old_ip_address | cut -d" " -f5`
-
$LOGGER "ifconfig $interface inet $new_ip_address netmask $new_subnet_mask broadcast $new_broadcast_address $medium"
$IFCONFIG $interface \
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index a11fd8e..9bcc2e6 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -82,12 +82,7 @@ if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule']) && count($_POST['rule'])) {
foreach ($_POST['rule'] as $rulei) {
- $target = $rule['target'];
- $helpers = exec("/bin/ps awwux | grep pftpx | grep \"{$target}\" | grep -v grep | awk '{ print \$2 }'");
- if($helpers) {
- /* kill ftp proxy helper */
- mwexec("/bin/kill {$helpers}");
- }
+ $target = $rule['target'];
unset($a_nat[$rulei]);
}
write_config();
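Review bot: The retained line `$target = $rule['target'];` reads `$rule`, which is never set in the visible loop (the loop variable is `$rulei`), and `$target` has no remaining use here now that the helper lookup is gone. Delete the line rather than re-indent it. Since each `$rulei` comes straight from `$_POST['rule']` and is used as an array key, a guard such as `if (!is_numeric($rulei) || !isset($a_nat[$rulei])) continue;` before the `unset` would keep malformed form input from touching the NAT rule array. The enclosing `if (isset($_POST['del_x']))` block starts and ends outside this hunk.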
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index cec2cad..116ca79 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -60,7 +60,6 @@ if (isset($id) && $a_1to1[$id]) {
else
$pconfig['subnet'] = $a_1to1[$id]['subnet'];
$pconfig['descr'] = $a_1to1[$id]['descr'];
- $pconfig['useftphelper'] = $a_1to1[$id]['useftphelper'];
} else {
$pconfig['subnet'] = 32;
$pconfig['interface'] = "wan";
@@ -118,20 +117,10 @@ if ($_POST) {
if (!$input_errors) {
$natent = array();
- /* Is there a ftp-proxy process running? Kill it off if the items IP is changing. */
- if($a_1to1[$id]['useftphelper']) {
- if($a_1to1[$id]['external'] != $_POST['external'] or
- $a_1to1[$id]['internal'] != $_POST['internal'] or !$_POST['useftphelper']) {
- $helpers = `/bin/ps awux | /usr/bin/grep "p 21 -R {$a_1to1[$id]['internal']} -b {$a_1to1[$id]['external']}" | /usr/bin/grep -v grep | /usr/bin/awk '{ print $2 }'`;
- if($helpers)
- exec("kill $helpers");
- }
- }
$natent['external'] = $_POST['external'];
$natent['internal'] = $_POST['internal'];
$natent['subnet'] = $_POST['subnet'];
$natent['descr'] = $_POST['descr'];
- $natent['useftphelper'] = $_POST['useftphelper'];
$natent['interface'] = $_POST['interface'];
if (isset($id) && $a_1to1[$id])
@@ -181,7 +170,7 @@ include("head.inc");
<td width="22%" valign="top" class="vncellreq">External subnet</td>
<td width="78%" class="vtable">
<input name="external" type="text" class="formfld unknown" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>">
- <select name="subnet" class="formselect" id="subnet" onChange="hideshow_ftphelper();">
+ <select name="subnet" class="formselect" id="subnet" >
<?php for ($i = 32; $i >= 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['subnet']) echo "selected"; ?>>
<?=$i;?>
@@ -198,12 +187,6 @@ include("head.inc");
<br>
<span class="vexpl">Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same).</span></td>
</tr>
- <tr id="ftphelperrow">
- <td width="22%" valign="top" class="vncell">Use FTP-Helper</td>
- <td width="78%" class="vtable">
- <input name="useftphelper" type="checkbox" class="formfld unknown" id="useftphelper" <?php if($pconfig['useftphelper']) echo " CHECKED";?> >
- <br><span class="vexpl">Checking this will launch a FTP Helper to assist in PASV NAT rewriting for the FTP protocol.</span></td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
@@ -221,18 +204,6 @@ include("head.inc");
</td>
</tr>
</table>
-<script type="text/javascript">
- function hideshow_ftphelper() {
- if($('subnet').value == '32') {
- $('ftphelperrow').show();
- } else {
- $('ftphelperrow').hide();
- $('useftphelper').checked = false;
- }
-
- }
- hideshow_ftphelper();
-</script>
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 5fe8fd2..b7a65e4 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -224,45 +224,6 @@ if ($_POST) {
$config['filter']['rule'][] = $filterent;
- /* auto add rule to external port 21 as well since we are using
- * pftpx to help open up ports automatically
- */
- if($_POST['endport'] == "21") {
- $filterent = array();
- $filterent['interface'] = $_POST['interface'];
- $filterent['protocol'] = $_POST['proto'];
- $filterent['source']['any'] = "";
-
- if($_POST['extaddr'] == "") {
- $filterent['destination']['network'] = "wanip";
- } else {
- $filterent['destination']['address'] = $_POST['extaddr'];
- }
-
- $dstpfrom = $_POST['localbeginport'];
- $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];
-
- if ($dstpfrom == $dstpto)
- $filterent['destination']['port'] = $dstpfrom;
- else
- $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
-
- $filterent['descr'] = "NAT " . $_POST['descr'];
- /* See comment above */
- $filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 63);
-
- $config['filter']['rule'][] = $filterent;
-
- touch($d_filterconfdirty_path);
-
- write_config();
-
- header("Location: firewall_nat.php?savemsg=The%20changes%20have%20been%20saved.%20%20Please%20note%20that%20we%20have%20added%20an%20additional%20rule%20for%20the%20FTP%20helper.");
-
- exit;
-
- }
-
touch($d_filterconfdirty_path);
}
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 5f9f2ed..8145ffa 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -136,8 +136,6 @@ $pconfig['pptp_remote'] = $wancfg['remote'];
$pconfig['pptp_dialondemand'] = isset($wancfg['ondemand']);
$pconfig['pptp_idletimeout'] = $wancfg['timeout'];
-$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']);
-
$pconfig['dhcphostname'] = $wancfg['dhcphostname'];
$pconfig['alias-address'] = $wancfg['alias-address'];
$pconfig['alias-subnet'] = $wancfg['alias-subnet'];
@@ -237,7 +235,6 @@ if ($_POST['apply']) {
unlink_if_exists("{$g['tmp_path']}/config.cache");
unlink_if_exists("{$d_landirty_path}");
interface_configure($if);
- system_start_ftp_helpers();
reset_carp();
/* restart snmp so that it binds to correct address */
services_snmpd_configure();
@@ -421,10 +418,7 @@ if ($_POST) {
unset($wancfg['local']);
unset($wancfg['subnet']);
unset($wancfg['remote']);
- unset($wancfg['disableftpproxy']);
- /* per interface pftpx helper */
- if ($_POST['disableftpproxy'] == "yes")
- $wancfg['disableftpproxy'] = true;
+
$wancfg['descr'] = remove_bad_chars($_POST['descr']);
if ($if == "wan" || $if == "lan")
$wancfg['enable'] = true;
@@ -1396,20 +1390,6 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
<td colspan="2" valign="top" height="16"></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic">Other</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">FTP Helper</td>
- <td width="78%" class="vtable">
- <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if ($pconfig['disableftpproxy']) echo "checked"; ?> />
- <strong>Disable the userland FTP-Proxy application</strong>
- <br />
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" height="16"></td>
- </tr>
- <tr>
<td colspan="2" valign="top" class="listtopic">Private networks</td>
</tr>
<tr>
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 0843bc7..770634e 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -191,18 +191,6 @@ function update_description(itemnum) {
<td colspan="2" valign="top" class="listtopic">Firewall Advanced</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">FTP server compatibility</td>
- <td width="78%" class="vtable">
- <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> />
- <strong>Allow data connections from the FTP command port</strong><br/>
- This allows for communication with ftp servers that violate
- RFC 959 by opening data connections from the command port (21).
- These should be opened on the data port(20). This option should
- not expose you to any extra risk as the firewall will still only
- allow connections on a port that ftp-proxy listens on.
- </td>
- </tr>
- <tr>
<td width="22%" valign="top" class="vncell">IP Do-Not-Fragment compatibility</td>
<td width="78%" class="vtable">
<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> />