summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/firewall_nat.php7
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php31
-rwxr-xr-xusr/local/www/firewall_nat_edit.php39
-rwxr-xr-xusr/local/www/interfaces.php22
-rw-r--r--usr/local/www/system_advanced_firewall.php12
5 files changed, 3 insertions, 108 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index a11fd8e..9bcc2e6 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -82,12 +82,7 @@ if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule']) && count($_POST['rule'])) {
foreach ($_POST['rule'] as $rulei) {
- $target = $rule['target'];
- $helpers = exec("/bin/ps awwux | grep pftpx | grep \"{$target}\" | grep -v grep | awk '{ print \$2 }'");
- if($helpers) {
- /* kill ftp proxy helper */
- mwexec("/bin/kill {$helpers}");
- }
+ $target = $rule['target'];
unset($a_nat[$rulei]);
}
write_config();
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index cec2cad..116ca79 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -60,7 +60,6 @@ if (isset($id) && $a_1to1[$id]) {
else
$pconfig['subnet'] = $a_1to1[$id]['subnet'];
$pconfig['descr'] = $a_1to1[$id]['descr'];
- $pconfig['useftphelper'] = $a_1to1[$id]['useftphelper'];
} else {
$pconfig['subnet'] = 32;
$pconfig['interface'] = "wan";
@@ -118,20 +117,10 @@ if ($_POST) {
if (!$input_errors) {
$natent = array();
- /* Is there a ftp-proxy process running? Kill it off if the items IP is changing. */
- if($a_1to1[$id]['useftphelper']) {
- if($a_1to1[$id]['external'] != $_POST['external'] or
- $a_1to1[$id]['internal'] != $_POST['internal'] or !$_POST['useftphelper']) {
- $helpers = `/bin/ps awux | /usr/bin/grep "p 21 -R {$a_1to1[$id]['internal']} -b {$a_1to1[$id]['external']}" | /usr/bin/grep -v grep | /usr/bin/awk '{ print $2 }'`;
- if($helpers)
- exec("kill $helpers");
- }
- }
$natent['external'] = $_POST['external'];
$natent['internal'] = $_POST['internal'];
$natent['subnet'] = $_POST['subnet'];
$natent['descr'] = $_POST['descr'];
- $natent['useftphelper'] = $_POST['useftphelper'];
$natent['interface'] = $_POST['interface'];
if (isset($id) && $a_1to1[$id])
@@ -181,7 +170,7 @@ include("head.inc");
<td width="22%" valign="top" class="vncellreq">External subnet</td>
<td width="78%" class="vtable">
<input name="external" type="text" class="formfld unknown" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>">
- <select name="subnet" class="formselect" id="subnet" onChange="hideshow_ftphelper();">
+ <select name="subnet" class="formselect" id="subnet" >
<?php for ($i = 32; $i >= 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['subnet']) echo "selected"; ?>>
<?=$i;?>
@@ -198,12 +187,6 @@ include("head.inc");
<br>
<span class="vexpl">Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same).</span></td>
</tr>
- <tr id="ftphelperrow">
- <td width="22%" valign="top" class="vncell">Use FTP-Helper</td>
- <td width="78%" class="vtable">
- <input name="useftphelper" type="checkbox" class="formfld unknown" id="useftphelper" <?php if($pconfig['useftphelper']) echo " CHECKED";?> >
- <br><span class="vexpl">Checking this will launch a FTP Helper to assist in PASV NAT rewriting for the FTP protocol.</span></td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
@@ -221,18 +204,6 @@ include("head.inc");
</td>
</tr>
</table>
-<script type="text/javascript">
- function hideshow_ftphelper() {
- if($('subnet').value == '32') {
- $('ftphelperrow').show();
- } else {
- $('ftphelperrow').hide();
- $('useftphelper').checked = false;
- }
-
- }
- hideshow_ftphelper();
-</script>
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 5fe8fd2..b7a65e4 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -224,45 +224,6 @@ if ($_POST) {
$config['filter']['rule'][] = $filterent;
- /* auto add rule to external port 21 as well since we are using
- * pftpx to help open up ports automatically
- */
- if($_POST['endport'] == "21") {
- $filterent = array();
- $filterent['interface'] = $_POST['interface'];
- $filterent['protocol'] = $_POST['proto'];
- $filterent['source']['any'] = "";
-
- if($_POST['extaddr'] == "") {
- $filterent['destination']['network'] = "wanip";
- } else {
- $filterent['destination']['address'] = $_POST['extaddr'];
- }
-
- $dstpfrom = $_POST['localbeginport'];
- $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];
-
- if ($dstpfrom == $dstpto)
- $filterent['destination']['port'] = $dstpfrom;
- else
- $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
-
- $filterent['descr'] = "NAT " . $_POST['descr'];
- /* See comment above */
- $filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 63);
-
- $config['filter']['rule'][] = $filterent;
-
- touch($d_filterconfdirty_path);
-
- write_config();
-
- header("Location: firewall_nat.php?savemsg=The%20changes%20have%20been%20saved.%20%20Please%20note%20that%20we%20have%20added%20an%20additional%20rule%20for%20the%20FTP%20helper.");
-
- exit;
-
- }
-
touch($d_filterconfdirty_path);
}
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 5f9f2ed..8145ffa 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -136,8 +136,6 @@ $pconfig['pptp_remote'] = $wancfg['remote'];
$pconfig['pptp_dialondemand'] = isset($wancfg['ondemand']);
$pconfig['pptp_idletimeout'] = $wancfg['timeout'];
-$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']);
-
$pconfig['dhcphostname'] = $wancfg['dhcphostname'];
$pconfig['alias-address'] = $wancfg['alias-address'];
$pconfig['alias-subnet'] = $wancfg['alias-subnet'];
@@ -237,7 +235,6 @@ if ($_POST['apply']) {
unlink_if_exists("{$g['tmp_path']}/config.cache");
unlink_if_exists("{$d_landirty_path}");
interface_configure($if);
- system_start_ftp_helpers();
reset_carp();
/* restart snmp so that it binds to correct address */
services_snmpd_configure();
@@ -421,10 +418,7 @@ if ($_POST) {
unset($wancfg['local']);
unset($wancfg['subnet']);
unset($wancfg['remote']);
- unset($wancfg['disableftpproxy']);
- /* per interface pftpx helper */
- if ($_POST['disableftpproxy'] == "yes")
- $wancfg['disableftpproxy'] = true;
+
$wancfg['descr'] = remove_bad_chars($_POST['descr']);
if ($if == "wan" || $if == "lan")
$wancfg['enable'] = true;
@@ -1396,20 +1390,6 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
<td colspan="2" valign="top" height="16"></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic">Other</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">FTP Helper</td>
- <td width="78%" class="vtable">
- <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if ($pconfig['disableftpproxy']) echo "checked"; ?> />
- <strong>Disable the userland FTP-Proxy application</strong>
- <br />
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" height="16"></td>
- </tr>
- <tr>
<td colspan="2" valign="top" class="listtopic">Private networks</td>
</tr>
<tr>
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 0843bc7..770634e 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -191,18 +191,6 @@ function update_description(itemnum) {
<td colspan="2" valign="top" class="listtopic">Firewall Advanced</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">FTP server compatibility</td>
- <td width="78%" class="vtable">
- <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> />
- <strong>Allow data connections from the FTP command port</strong><br/>
- This allows for communication with ftp servers that violate
- RFC 959 by opening data connections from the command port (21).
- These should be opened on the data port(20). This option should
- not expose you to any extra risk as the firewall will still only
- allow connections on a port that ftp-proxy listens on.
- </td>
- </tr>
- <tr>
<td width="22%" valign="top" class="vncell">IP Do-Not-Fragment compatibility</td>
<td width="78%" class="vtable">
<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> />
OpenPOWER on IntegriCloud