From 38560a2579ca902dfcf6a27f0f0ec2c59cf21972 Mon Sep 17 00:00:00 2001
From: Bill Marquette <billm@pfsense.org>
Date: Fri, 4 Mar 2005 16:44:03 +0000
Subject: Make RFC959 data port workaround configurable - default to disabled

---
 usr/local/www/system_advanced.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
index 65bc8ae5..684047d 100755
--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -35,6 +35,7 @@ require("guiconfig.inc");
 
 $pconfig['disablefilter'] = $config['system']['disablefilter'];
 $pconfig['disableftpproxy'] = $config['system']['disableftpproxy'];
+$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
 $pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']);
 $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
 $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
@@ -83,9 +84,13 @@ if ($_POST) {
 		}
 		if($_POST['disableftpproxy'] == "yes") {
 			$config['system']['disableftpproxy'] = "enabled";
+			unset($config['system']['rfc959workaround']);
 		} else {
 			unset($config['system']['disableftpproxy']);
 		}
+		if($_POST['rfc959workaround'] == "yes") {
+			$config['system']['rfc959workaround'] = "enabled";
+		}
 		$config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false;
 		$config['diag']['ipv6nat']['enable'] = $_POST['ipv6nat_enable'] ? true : false;
 		$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
@@ -312,6 +317,12 @@ function enable_change(enable_over) {
                     <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)">
                     <strong class="vexpl">Disable the userland FTP-Proxy application</strong><br>
                 </tr>
+                <tr>
+                  <td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
+                  <td width="78%" class="vtable">
+                    <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)">
+                    <strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typicaly port 20).  This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong><br>
+                </tr>
 
 		<tr>
 		  <td width="22%" valign="top" class="vncell">Traffic Shaper Scheduler</td>
-- 
cgit v1.1