
Группа :: Система/Основа
Пакет: rcf


Патч: rcf-5.2.1s1-alt-more-actions.patch


diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/310-ftpactv-clients rcf-5.2.1s1/etc/firewall/modules/common/services/310-ftpactv-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/310-ftpactv-clients	2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/310-ftpactv-clients	2002-09-28 13:26:55 +0400
@@ -7,7 +7,7 @@
 #-----------------------------------------------------------------------
 #
 #m# 123
-#a# accept
+#a# accept ignore deny
 #i# cluster
 #n# ftpactv
 #t# clients
@@ -32,6 +32,28 @@
 	&& { inchain="$INCHAIN" ; outchain="$OUTCHAIN"; } \
 	|| { inchain="$OUTCHAIN"; outchain="$INCHAIN" ; }
 
+for host in `Option_Value ignore $INTOPT ftpactv clients`
+do
+	echo "Ignore $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG"
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp        $LOG
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp        -d $host $UNPRIVPORTS $LOG
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp-data   $LOG
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp-data   -d $host $UNPRIVPORTS $LOG
+done
+
+for host in `Option_Value deny $INTOPT ftpactv clients`
+do
+	echo "Deny $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG (logged)"
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp        -l
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp        -d $host $UNPRIVPORTS -l
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp-data   -l
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp-data   -d $host $UNPRIVPORTS -l
+done
+
 for host in `Option_Value accept $INTOPT ftpactv clients`
 do
 	echo "Accept $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG"
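Review bot: The new ignore and deny loops only work because they are appended before the accept loop, and nothing in the file records that dependency. ipchains acts on the first matching rule, so if a later edit moved either loop below the accept loop, a network listed under accept would override a host listed under deny. A comment above the first new loop such as `# ignore/deny must come before accept: ipchains acts on the first matching rule` would protect the ordering; the same applies to the new loops in 850-ftppasv-clients and to the `for action in ignore deny accept` line in 570-rsync-clients. Separately, the ignore rules pass `$LOG` while the deny rules hard-code `-l`, so an "ignored" host is presumably still logged whenever `$LOG` is set; if ignore is meant to be silent, drop `$LOG` from those four lines. The accept loop continues outside the hunk.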
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/570-rsync-clients rcf-5.2.1s1/etc/firewall/modules/common/services/570-rsync-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/570-rsync-clients	2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/570-rsync-clients	2002-09-28 13:26:55 +0400
@@ -8,7 +8,7 @@
 #-----------------------------------------------------------------------
 #
 #m# 123
-#a# accept
+#a# accept ignore deny
 #i# cluster
 #n# rsync
 #t# clients
@@ -21,9 +21,12 @@
 # START OF MODULE CODE
 #-----------------------------------------------------------------------
 
-for host in `Option_Value accept $INTOPT rsync clients`
+for action in ignore deny accept
 do
-	Accept_Hostports local tcp "RSYNC" $host rsync
+	for host in `Option_Value $action $INTOPT rsync clients`
+	do
+		Hostports $action local tcp "RSYNC" $host rsync
+	done
 done
-unset host
+unset action host
 
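Review bot: The new line `Hostports $action local tcp "RSYNC" $host rsync` replaces the `Accept_Hostports` call, but `Hostports` is not defined anywhere in this patch, so it cannot be checked here that it exists or takes the action as its first argument. If the helper is missing or has a different signature, the module would presumably add no rsync rules at all, including the accept rules it installed before the change. Confirm the helper against the shared function library and record the dependency next to the loop, e.g. `# Hostports <action> ... is provided by <functions-file>`, where `<functions-file>` is a placeholder for the real path.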
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/850-ftppasv-clients rcf-5.2.1s1/etc/firewall/modules/common/services/850-ftppasv-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/850-ftppasv-clients	2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/850-ftppasv-clients	2002-09-28 13:26:55 +0400
@@ -7,7 +7,7 @@
 #-----------------------------------------------------------------------
 #
 #m# 123
-#a# accept ports
+#a# accept ignore deny ports
 #i# cluster
 #n# ftppasv
 #t# clients
@@ -38,6 +38,22 @@
 	&& { inchain="$INCHAIN" ; outchain="$OUTCHAIN"; } \
 	|| { inchain="$OUTCHAIN"; outchain="$INCHAIN" ; }
 
+for host in `Option_Value ignore $INTOPT ftppasv clients`
+do
+	echo "Ignore $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG"
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp $LOG
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp -d $host $UNPRIVPORTS $LOG
+done
+
+for host in `Option_Value deny $INTOPT ftppasv clients`
+do
+	echo "Deny $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG (logged)"
+
+	ipchains -A $inchain  -j DENY -p tcp      -s $host $UNPRIVPORTS -d $IPADDR ftp -l
+	ipchains -A $outchain -j DENY -p tcp      -s $IPADDR ftp -d $host $UNPRIVPORTS -l
+done
+
 for host in `Option_Value accept $INTOPT ftppasv clients`
 do
 	echo "Accept $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG"
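Review bot: The new ignore and deny rules match only the control port `ftp`, so a denied host that also falls inside a network listed under accept can presumably still reach the passive data ports the accept section opens. The `ports` action in the module header suggests such a range exists, but the accept rules themselves are outside the hunk, so this needs checking against the full file. If it holds, add a matching DENY pair per host for that range in both loops, e.g. `ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR <passive-port-range> -l`, where `<passive-port-range>` is a placeholder for whatever the accept loop uses.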
diff -uprk.orig rcf-5.2.1s1.orig/Makefile rcf-5.2.1s1/Makefile
--- rcf-5.2.1s1.orig/Makefile	2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/Makefile	2002-09-28 13:29:20 +0400
@@ -416,6 +416,8 @@ link_private_modules:
 		for file in \
 			010-dns-servers \
 			020-blacklist-hosts \
+			030-pptp-clients \
+			030-pptp-servers \
 			080-dhcp-clients \
 			100-nntp-clients \
 			100-nntp-servers \
@@ -453,6 +455,8 @@ link_private_modules:
 			510-auth-servers \
 			520-ftp-servers \
 			560-ldap-servers \
+			570-rsync-clients \
+			570-rsync-servers \
 			750-BLOCK-LOCAL-PORTS \
 			755-securemote-servers \
 			760-ftpactv-servers \
@@ -600,6 +604,8 @@ link_public_modules:
 			510-auth-servers \
 			520-ftp-servers \
 			560-ldap-servers \
+			570-rsync-clients \
+			570-rsync-servers \
 			700-bootp-clients \
 			750-BLOCK-LOCAL-PORTS \
 			755-securemote-servers \
 