Группа :: Система/Основа
Пакет: rcf
Патч: rcf-5.2.1s1-alt-more-actions.patch
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/310-ftpactv-clients rcf-5.2.1s1/etc/firewall/modules/common/services/310-ftpactv-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/310-ftpactv-clients 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/310-ftpactv-clients 2002-09-28 13:26:55 +0400
@@ -7,7 +7,7 @@
#-----------------------------------------------------------------------
#
#m# 123
-#a# accept
+#a# accept ignore deny
#i# cluster
#n# ftpactv
#t# clients
@@ -32,6 +32,28 @@
&& { inchain="$INCHAIN" ; outchain="$OUTCHAIN"; } \
|| { inchain="$OUTCHAIN"; outchain="$INCHAIN" ; }
+for host in `Option_Value ignore $INTOPT ftpactv clients`
+do
+ echo "Ignore $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG"
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp $LOG
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp -d $host $UNPRIVPORTS $LOG
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp-data $LOG
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp-data -d $host $UNPRIVPORTS $LOG
+done
+
+for host in `Option_Value deny $INTOPT ftpactv clients`
+do
+ echo "Deny $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG (logged)"
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp -l
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp -d $host $UNPRIVPORTS -l
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp-data -l
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp-data -d $host $UNPRIVPORTS -l
+done
+
for host in `Option_Value accept $INTOPT ftpactv clients`
do
echo "Accept $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG"
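Review bot: The ignore loop appends `$LOG` to its DENY rules while the deny loop hard-codes `-l`, so if `$LOG` expands to a logging flag (its value is set outside this hunk) the two actions install identical rules and "ignore" is not silent. If ignore is meant to drop without logging, omit `$LOG` from those four `ipchains -A` lines. A comment above the new loops, e.g. `# ignore/deny are appended before accept: ipchains stops at the first matching rule`, would record that the precedence depends entirely on this ordering. The same pattern appears in the 850-ftppasv-clients hunk, and the accept loop that follows continues outside this hunk.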
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/570-rsync-clients rcf-5.2.1s1/etc/firewall/modules/common/services/570-rsync-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/570-rsync-clients 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/570-rsync-clients 2002-09-28 13:26:55 +0400
@@ -8,7 +8,7 @@
#-----------------------------------------------------------------------
#
#m# 123
-#a# accept
+#a# accept ignore deny
#i# cluster
#n# rsync
#t# clients
@@ -21,9 +21,12 @@
# START OF MODULE CODE
#-----------------------------------------------------------------------
-for host in `Option_Value accept $INTOPT rsync clients`
+for action in ignore deny accept
do
- Accept_Hostports local tcp "RSYNC" $host rsync
+ for host in `Option_Value $action $INTOPT rsync clients`
+ do
+ Hostports $action local tcp "RSYNC" $host rsync
+ done
done
-unset host
+unset action host
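Review bot: The order of the list in `for action in ignore deny accept` is what gives ignore and deny precedence over accept, assuming `Hostports` appends rules in call order, and nothing in the module says so. A comment above the loop such as `# order matters: first matching rule wins, so ignore/deny must be emitted before accept` would keep a later edit from reordering it. `Hostports` is not defined in the visible part of this patch; if it is missing at load time the call fails and no rsync rules are installed, so it is worth confirming the helper ships with this change. Quoting the arguments, `Hostports "$action" local tcp "RSYNC" "$host" rsync`, would also keep a malformed option value from being split into extra arguments.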
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/850-ftppasv-clients rcf-5.2.1s1/etc/firewall/modules/common/services/850-ftppasv-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/850-ftppasv-clients 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/850-ftppasv-clients 2002-09-28 13:26:55 +0400
@@ -7,7 +7,7 @@
#-----------------------------------------------------------------------
#
#m# 123
-#a# accept ports
+#a# accept ignore deny ports
#i# cluster
#n# ftppasv
#t# clients
@@ -38,6 +38,22 @@
&& { inchain="$INCHAIN" ; outchain="$OUTCHAIN"; } \
|| { inchain="$OUTCHAIN"; outchain="$INCHAIN" ; }
+for host in `Option_Value ignore $INTOPT ftppasv clients`
+do
+ echo "Ignore $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG"
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp $LOG
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp -d $host $UNPRIVPORTS $LOG
+done
+
+for host in `Option_Value deny $INTOPT ftppasv clients`
+do
+ echo "Deny $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG (logged)"
+
+ ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR ftp -l
+ ipchains -A $outchain -j DENY -p tcp -s $IPADDR ftp -d $host $UNPRIVPORTS -l
+done
+
for host in `Option_Value accept $INTOPT ftppasv clients`
do
echo "Accept $INTOPT $IPADDR FTP <- $host Pasv $LOG_MSG"
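Review bot: The ignore and deny loops here block only the `ftp` control port, whereas the 310-ftpactv-clients hunk also covers `ftp-data`, and this module's `#a#` line lists a `ports` action for the passive range. Whether a denied host can still reach the passive data ports depends on how the accept/ports rules outside this hunk are scoped; if they are not restricted per host, a matching DENY for that range would be needed in these loops. At minimum a comment such as `# only the control port is blocked; passive data ports are governed by the accept/ports rules` would document the gap.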
diff -uprk.orig rcf-5.2.1s1.orig/Makefile rcf-5.2.1s1/Makefile
--- rcf-5.2.1s1.orig/Makefile 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/Makefile 2002-09-28 13:29:20 +0400
@@ -416,6 +416,8 @@ link_private_modules:
for file in \
010-dns-servers \
020-blacklist-hosts \
+ 030-pptp-clients \
+ 030-pptp-servers \
080-dhcp-clients \
100-nntp-clients \
100-nntp-servers \
@@ -453,6 +455,8 @@ link_private_modules:
510-auth-servers \
520-ftp-servers \
560-ldap-servers \
+ 570-rsync-clients \
+ 570-rsync-servers \
750-BLOCK-LOCAL-PORTS \
755-securemote-servers \
760-ftpactv-servers \
@@ -600,6 +604,8 @@ link_public_modules:
510-auth-servers \
520-ftp-servers \
560-ldap-servers \
+ 570-rsync-clients \
+ 570-rsync-servers \
700-bootp-clients \
750-BLOCK-LOCAL-PORTS \
755-securemote-servers \