Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/firewall_nat.php | 7 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 31 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 39 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 22 | ||||
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 12 |
5 files changed, 3 insertions, 108 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index a11fd8e..9bcc2e6 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -82,12 +82,7 @@ if (isset($_POST['del_x'])) { /* delete selected rules */ if (is_array($_POST['rule']) && count($_POST['rule'])) { foreach ($_POST['rule'] as $rulei) { - $target = $rule['target']; - $helpers = exec("/bin/ps awwux | grep pftpx | grep \"{$target}\" | grep -v grep | awk '{ print \$2 }'"); - if($helpers) { - /* kill ftp proxy helper */ - mwexec("/bin/kill {$helpers}"); - } + $target = $rule['target']; unset($a_nat[$rulei]); } write_config(); diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index cec2cad..116ca79 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -60,7 +60,6 @@ if (isset($id) && $a_1to1[$id]) { else $pconfig['subnet'] = $a_1to1[$id]['subnet']; $pconfig['descr'] = $a_1to1[$id]['descr']; - $pconfig['useftphelper'] = $a_1to1[$id]['useftphelper']; } else { $pconfig['subnet'] = 32; $pconfig['interface'] = "wan"; @@ -118,20 +117,10 @@ if ($_POST) { if (!$input_errors) { $natent = array(); - /* Is there a ftp-proxy process running? Kill it off if the items IP is changing. */ - if($a_1to1[$id]['useftphelper']) { - if($a_1to1[$id]['external'] != $_POST['external'] or - $a_1to1[$id]['internal'] != $_POST['internal'] or !$_POST['useftphelper']) { - $helpers = `/bin/ps awux | /usr/bin/grep "p 21 -R {$a_1to1[$id]['internal']} -b {$a_1to1[$id]['external']}" | /usr/bin/grep -v grep | /usr/bin/awk '{ print $2 }'`; - if($helpers) - exec("kill $helpers"); - } - } $natent['external'] = $_POST['external']; $natent['internal'] = $_POST['internal']; $natent['subnet'] = $_POST['subnet']; $natent['descr'] = $_POST['descr']; - $natent['useftphelper'] = $_POST['useftphelper']; $natent['interface'] = $_POST['interface']; if (isset($id) && $a_1to1[$id]) 
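Review bot: The line kept as `$target = $rule['target'];` in the delete loop of firewall_nat.php is dead code: with the pftpx lookup gone nothing reads `$target`, and `$rule` is not defined anywhere in the visible loop, whose variable is `$rulei`. Drop it so the loop body is just `unset($a_nat[$rulei]);`. Separately, `$rulei` comes straight from `$_POST['rule']` and is used as an array key with no check visible in the hunk; if none exists outside it, a guard such as `if (is_numeric($rulei) && isset($a_nat[$rulei]))` before the unset would reject malformed values instead of passing them through to `write_config()`. The enclosing `if (isset($_POST['del_x']))` block starts and ends outside the hunk.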
@@ -181,7 +170,7 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq">External subnet</td> <td width="78%" class="vtable"> <input name="external" type="text" class="formfld unknown" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>"> - <select name="subnet" class="formselect" id="subnet" onChange="hideshow_ftphelper();"> + <select name="subnet" class="formselect" id="subnet" > <?php for ($i = 32; $i >= 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['subnet']) echo "selected"; ?>> <?=$i;?> @@ -198,12 +187,6 @@ include("head.inc"); <br> <span class="vexpl">Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same).</span></td> </tr> - <tr id="ftphelperrow"> - <td width="22%" valign="top" class="vncell">Use FTP-Helper</td> - <td width="78%" class="vtable"> - <input name="useftphelper" type="checkbox" class="formfld unknown" id="useftphelper" <?php if($pconfig['useftphelper']) echo " CHECKED";?> > - <br><span class="vexpl">Checking this will launch a FTP Helper to assist in PASV NAT rewriting for the FTP protocol.</span></td> - </tr> <tr> <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> @@ -221,18 +204,6 @@ include("head.inc"); </td> </tr> </table> -<script type="text/javascript"> - function hideshow_ftphelper() { - if($('subnet').value == '32') { - $('ftphelperrow').show(); - } else { - $('ftphelperrow').hide(); - $('useftphelper').checked = false; - } - - } - hideshow_ftphelper(); -</script> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 5fe8fd2..b7a65e4 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php 
@@ -224,45 +224,6 @@ if ($_POST) { $config['filter']['rule'][] = $filterent; - /* auto add rule to external port 21 as well since we are using - * pftpx to help open up ports automatically - */ - if($_POST['endport'] == "21") { - $filterent = array(); - $filterent['interface'] = $_POST['interface']; - $filterent['protocol'] = $_POST['proto']; - $filterent['source']['any'] = ""; - - if($_POST['extaddr'] == "") { - $filterent['destination']['network'] = "wanip"; - } else { - $filterent['destination']['address'] = $_POST['extaddr']; - } - - $dstpfrom = $_POST['localbeginport']; - $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport']; - - if ($dstpfrom == $dstpto) - $filterent['destination']['port'] = $dstpfrom; - else - $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; - - $filterent['descr'] = "NAT " . $_POST['descr']; - /* See comment above */ - $filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 63); - - $config['filter']['rule'][] = $filterent; - - touch($d_filterconfdirty_path); - - write_config(); - - header("Location: firewall_nat.php?savemsg=The%20changes%20have%20been%20saved.%20%20Please%20note%20that%20we%20have%20added%20an%20additional%20rule%20for%20the%20FTP%20helper."); - - exit; - - } - touch($d_filterconfdirty_path); } diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 5f9f2ed..8145ffa 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -136,8 +136,6 @@ $pconfig['pptp_remote'] = $wancfg['remote']; $pconfig['pptp_dialondemand'] = isset($wancfg['ondemand']); $pconfig['pptp_idletimeout'] = $wancfg['timeout']; -$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']); - $pconfig['dhcphostname'] = $wancfg['dhcphostname']; $pconfig['alias-address'] = $wancfg['alias-address']; $pconfig['alias-subnet'] = $wancfg['alias-subnet']; 
@@ -237,7 +235,6 @@ if ($_POST['apply']) { unlink_if_exists("{$g['tmp_path']}/config.cache"); unlink_if_exists("{$d_landirty_path}"); interface_configure($if); - system_start_ftp_helpers(); reset_carp(); /* restart snmp so that it binds to correct address */ services_snmpd_configure(); @@ -421,10 +418,7 @@ if ($_POST) { unset($wancfg['local']); unset($wancfg['subnet']); unset($wancfg['remote']); - unset($wancfg['disableftpproxy']); - /* per interface pftpx helper */ - if ($_POST['disableftpproxy'] == "yes") - $wancfg['disableftpproxy'] = true; + $wancfg['descr'] = remove_bad_chars($_POST['descr']); if ($if == "wan" || $if == "lan") $wancfg['enable'] = true; @@ -1396,20 +1390,6 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" <td colspan="2" valign="top" height="16"></td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic">Other</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">FTP Helper</td> - <td width="78%" class="vtable"> - <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if ($pconfig['disableftpproxy']) echo "checked"; ?> /> - <strong>Disable the userland FTP-Proxy application</strong> - <br /> - </td> - </tr> - <tr> - <td colspan="2" valign="top" height="16"></td> - </tr> - <tr> <td colspan="2" valign="top" class="listtopic">Private networks</td> </tr> <tr> diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 0843bc7..770634e 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php 
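Review bot: In the `@@ -421,10 +418,7 @@` hunk of interfaces.php, removing `unset($wancfg['disableftpproxy']);` together with the setter means a `disableftpproxy` value saved by an earlier version is never cleared and stays in the interface's configuration on every later save. If any backend code still reads that key (not visible here; the diffstat is limited to usr/local), its effect can no longer be changed from the GUI. Keeping the single line `unset($wancfg['disableftpproxy']);`, or dropping the key in a config upgrade step, would avoid the orphaned setting. The surrounding `if ($_POST)` block continues outside the hunk.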
@@ -191,18 +191,6 @@ function update_description(itemnum) { <td colspan="2" valign="top" class="listtopic">Firewall Advanced</td> </tr> <tr> - <td width="22%" valign="top" class="vncell">FTP server compatibility</td> - <td width="78%" class="vtable"> - <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> /> - <strong>Allow data connections from the FTP command port</strong><br/> - This allows for communication with ftp servers that violate - RFC 959 by opening data connections from the command port (21). - These should be opened on the data port(20). This option should - not expose you to any extra risk as the firewall will still only - allow connections on a port that ftp-proxy listens on. - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncell">IP Do-Not-Fragment compatibility</td> <td width="78%" class="vtable"> <input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> /> |