Группа :: Система/Основа
Пакет: rcf
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: rcf-5.2.1s1-cvs.patch
Скачать
Скачать
diff -uprk.orig rcf-5.2.1s1.orig/ChangeLog rcf-5.2.1s1/ChangeLog
--- rcf-5.2.1s1.orig/ChangeLog 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/ChangeLog 2002-12-01 02:20:07 +0300
@@ -1,6 +1,14 @@
RELEASE NOTES
+Version 6.0
+-----------
+Updated FAQ with PPP and PPTP troubleshooting info. Man pages and FAQ
+updated with new URL's (http://rcf.mvlan.net:8080/). Removed 69.0.0.0/8,
+92.0.0.0/8 and 221.0.0.0/8 networks, which were removed from IANA
+reserved list. Updated Edwin's e-mail address to e.ten.brink@freeler.nl.
+Added 790-time-clients. Added Earth and Beyond game module.
+
Version 5.2.1s1 (January 3rd 2002)
----------------------------------
Dougal Holmes provided several updates, including: contributing
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/functions/device_subnets.sh rcf-5.2.1s1/etc/firewall/functions/device_subnets.sh
--- rcf-5.2.1s1.orig/etc/firewall/functions/device_subnets.sh 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/etc/firewall/functions/device_subnets.sh 2002-12-01 02:19:29 +0300
@@ -2,12 +2,12 @@
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
-# $Id: device_subnets.sh,v 1.6 2001/09/02 22:09:26 jsmoriss Exp $
+# $Id: device_subnets.sh,v 1.3 2002/07/30 03:27:13 jsmoriss Exp $
#-----------------------------------------------------------------------
# $RCSfile: device_subnets.sh,v $
# $Author: jsmoriss $
-# $Revision: 1.6 $
-# $Date: 2001/09/02 22:09:26 $
+# $Revision: 1.3 $
+# $Date: 2002/07/30 03:27:13 $
# $Locker: $
# $Name: $
#-----------------------------------------------------------------------
@@ -57,10 +57,10 @@ Device_Subnets () {#
netstat -nre 2>/dev/null | \
sed -n -e "s/^\([0-9\.]*\) *\([0-9\.]*\) *\([0-9\.]*\) *U[HG]* *[0-9]* *[0-9]* *[0-9]* *${device}$/\1 \2 \3/p" | \- grep -v '^\(0\.0\.0\.0\|255\.255\.255\.255\) ' | \
+ grep -v '^0\.0\.0\.0 [0-9\.]* 0\.0\.\0.\0' | \
+ grep -v '^255\.255\.255\.255 [0-9\.]* 255\.255\.255\.255' | \
sed -n -e 's/^\([0-9\.]*\) [0-9\.]* \([0-9\.]*\)$/\1\/\2/p'
} | sort | Sed_Uniq
-
unset prefix device network netmask ipaddr
}
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/groups/iana-reserved-networks rcf-5.2.1s1/etc/firewall/groups/iana-reserved-networks
--- rcf-5.2.1s1.orig/etc/firewall/groups/iana-reserved-networks 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/etc/firewall/groups/iana-reserved-networks 2002-12-01 02:20:07 +0300
@@ -5,8 +5,9 @@
#
# IANA Reserved Networks. These addresses should not be seen on the
# internet. You should update this list once or twice per year. The
-# defaults were last verified against <http://www.iana.org/assignments/
-# ipv4-address-space> (last updated 2001 November 30) in December 2001.
+# defaults were last verified against
+# <http://www.iana.org/assignments/ipv4-address-space>
+# (last updated October 25, 2002) on November 24, 2002.
#
#-----------------------------------------------------------------------
@@ -25,7 +26,6 @@
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
-69.0.0.0/8
70.0.0.0/8
71.0.0.0/8
72.0.0.0/8
@@ -36,7 +36,6 @@
77.0.0.0/8
78.0.0.0/8
79.0.0.0/8
-82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
@@ -83,7 +82,6 @@
126.0.0.0/8
127.0.0.0/8
197.0.0.0/8
-221.0.0.0/8
222.0.0.0/8
223.0.0.0/8
240.0.0.0/8
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/online-games/earthandbeyond rcf-5.2.1s1/etc/firewall/modules/common/online-games/earthandbeyond
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/online-games/earthandbeyond 1970-01-01 03:00:00 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/online-games/earthandbeyond 2002-12-01 02:19:29 +0300
@@ -0,0 +1,38 @@
+
+#-----------------------------------------------------------------------
+# MODULE CONFIGURATION
+#-----------------------------------------------------------------------
+#
+#m# 123
+#a# accept
+#n# earthandbeyond
+#t# servers
+#
+# |--------------------------------------------------------------------|
+#d# Earth and Beyond (Ports 3000-4000 UDP, 3801 TCP)
+#d#
+#d# Example: (IP shown is EA's, and should work)
+#d# accept-eth0-earthandbeyond-servers = 159.143.232.0/24
+#d#
+# |--------------------------------------------------------------------|
+#
+#
+#-----------------------------------------------------------------------
+# START OF MODULE CODE
+#-----------------------------------------------------------------------
+module_name="earthandbeyond" # module name used in options
+module_type="servers" # module type (clients, servers, etc.)
+tcp_ports="3801" # TCP ports used for login
+udp_ports="3000:4000" # UDP ports used for gaming
+
+action_log="$LOG"
+action_log_msg="$LOG_MSG"
+
+for host in `Option_Value accept $INTOPT $module_name $module_type`
+do
+ Hostports accept remote tcp "Earth and Beyond Login" $host $tcp_ports
+ Hostports accept remote udp "Earth and Beyond game server" $host $udp_ports
+done
+
+unset module_name module_type tcp_ports udp_ports
+unset action_log_msg action_log host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/port-forwarding/afp rcf-5.2.1s1/etc/firewall/modules/common/port-forwarding/afp
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/port-forwarding/afp 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/port-forwarding/afp 2002-12-01 02:19:29 +0300
@@ -37,8 +37,8 @@ udp_port="548"
for host in `Option_Value forward $INTOPT afp host`
do
- Forward_Hostports tcp "PcAnywhere" $host $tcp_port
- Forward_Hostports udp "PcAnywhere" $host $udp_port
+ Forward_Hostports tcp "AFP" $host $tcp_port
+ Forward_Hostports udp "AFP" $host $udp_port
done
unset tcp_port udp_port host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/210-real-servers rcf-5.2.1s1/etc/firewall/modules/common/services/210-real-servers
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/210-real-servers 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/210-real-servers 2002-12-01 02:19:29 +0300
@@ -1,4 +1,3 @@
-
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
@@ -23,6 +22,10 @@
# START OF MODULE CODE
#-----------------------------------------------------------------------
+[ ! "$CLUSTER_MODE" ] && \
+ { inchain="$INCHAIN"; outchain="$OUTCHAIN"; } || \+ { inchain="$OUTCHAIN"; outchain="$INCHAIN"; }+
for host in `Option_Value accept $INTOPT real servers`
do
echo "Accept $INTOPT $IPADDR -> $HOST RealPlayer $LOG_MSG"
@@ -34,4 +37,5 @@ do
ipchains -A $inchain -j ACCEPT -p tcp -s $HOST 554 -d $IPADDR $UNPRIVPORTS ! -y $LOG
ipchains -A $inchain -j ACCEPT -p tcp -s $HOST 7070 -d $IPADDR $UNPRIVPORTS ! -y $LOG
done
-unset host
+
+unset host inchain outchain
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/225-termserv-clients rcf-5.2.1s1/etc/firewall/modules/common/services/225-termserv-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/225-termserv-clients 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/225-termserv-clients 2002-12-01 02:19:29 +0300
@@ -1,7 +1,8 @@
+
#-----------------------------------------------------------------------
-# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
+# Copyright (C) 2000-2002, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
-# $Id: 225-termserv-clients,v 1.2 2001/12/27 22:58:59 dholmes Exp $
+# $Id: 225-termserv-clients,v 1.3 2002/03/04 16:28:36 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
@@ -27,12 +28,13 @@
module_name="termserv" # module name used in options
module_type="clients" # the module type (clients, servers, etc.)
service_name="Terminal Server" # displayed on-screen
-service_port="3389 1494" # port number for this service
+tcp_service_port="3389 1494" # tcp port numbers
+udp_service_port="1604" # udp browser port
for host in `Option_Value accept $INTOPT $module_name $module_type`
do
- Hostports accept local tcp "$service_name" $host $service_port
+ Hostports accept local tcp "$service_name" $host $tcp_service_port
+ Hostports accept local udp "" $host $udp_service_port
done
-unset module_name module_type service_name service_port host
-
+unset module_name module_type service_name tcp_service_port udp_service_port host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/225-termserv-servers rcf-5.2.1s1/etc/firewall/modules/common/services/225-termserv-servers
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/225-termserv-servers 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/225-termserv-servers 2002-12-01 02:19:29 +0300
@@ -1,7 +1,8 @@
+
#-----------------------------------------------------------------------
-# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
+# Copyright (C) 2000-2002, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
-# $Id: 225-termserv-servers,v 1.2 2001/12/27 22:58:59 dholmes Exp $
+# $Id: 225-termserv-servers,v 1.3 2002/03/04 16:28:36 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
@@ -27,12 +28,13 @@
module_name="termserv" # module name used in options
module_type="servers" # the module type (clients, servers, etc.)
service_name="Terminal Server" # displayed on-screen
-service_port="3389 1494" # port number for this service
+tcp_service_port="3389 1494" # tcp port numbers
+udp_service_port="1604" # udp browser port
for host in `Option_Value accept $INTOPT $module_name $module_type`
do
- Hostports accept remote tcp "$service_name" $host $service_port
+ Hostports accept remote tcp "$service_name" $host $tcp_service_port
+ Hostports accept remote udp "" $host $udp_service_port
done
-unset module_name module_type service_name service_port host
-
+unset module_name module_type service_name tcp_service_port udp_service_port host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/330-smb-hosts rcf-5.2.1s1/etc/firewall/modules/common/services/330-smb-hosts
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/330-smb-hosts 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/330-smb-hosts 2002-12-01 02:20:07 +0300
@@ -65,35 +65,34 @@ do
done
unset action action_log_msg action_log
+# Execute this block only once to support all SMB hosts.
+# These are generic rules which deal with broadcast addresses.
if [ "`Option_Value accept $INTOPT smb hosts`" ]
then
if [ ! "$CLUSTER_NAME" ]
then
echo "Accept $INTOPT $IPADDR SMB <-> $BROADCAST SMB $LOG_MSG"
- # Added by Jean-Sebastien Morisset <jsmoriss@mvlan.net> on January 14th, 2001
ipchains -A $inchain -j ACCEPT -p udp -s $IPADDR netbios-ns -d $BROADCAST netbios-ns $LOG
-
- # Commented by Dougal Holmes <dholmes@bigpond.net.au> 2001-04-20
- ####ipchains -A $inchain -j ACCEPT -p udp -s $BROADCAST netbios-ns -d $IPADDR netbios-ns $LOG
-
ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-ns -d $BROADCAST netbios-ns $LOG
ipchains -A $inchain -j ACCEPT -p udp -s $IPADDR $UNPRIVPORTS -d $BROADCAST netbios-ns $LOG
ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR $UNPRIVPORTS -d $BROADCAST netbios-ns $LOG
+
+ # The following rule was added by Jean-Sebastien Morisset 20020620
+ ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-ns -d $BROADCAST_DEST netbios-ns $LOG
- # Added by Jean-Sebastien Morisset <jsmoriss@mvlan.net> on January 14th, 2001
ipchains -A $inchain -j ACCEPT -p udp -s $IPADDR netbios-dgm -d $BROADCAST netbios-dgm $LOG
-
- # Commented by Dougal Holmes <dholmes@bigpond.net.au> 2001-04-20
- ####ipchains -A $inchain -j ACCEPT -p udp -s $BROADCAST netbios-dgm -d $IPADDR netbios-dgm $LOG
+ ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-dgm -d $BROADCAST netbios-dgm $LOG
- ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-dgm -d $BROADCAST netbios-dgm $LOG
+ # The following rule was added by Jean-Sebastien Morisset 20020620
+ ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-dgm -d $BROADCAST_DEST netbios-dgm $LOG
ipchains -A $inchain -j DENY -p tcp -s $BROADCAST netbios-ssn -d $IPADDR netbios-ssn $LOG
ipchains -A $outchain -j REJECT -p tcp -s $IPADDR netbios-ssn -d $BROADCAST netbios-ssn $LOG
fi
fi
+# These are the host specific SMB rules.
for host in `Option_Value accept $INTOPT smb hosts`
do
echo "Accept $INTOPT $IPADDR SMB <-> $host SMB $LOG_MSG"
@@ -122,9 +121,6 @@ do
ipchains -A $inchain -j ACCEPT -p udp -s $host netbios-dgm -d $IPADDR netbios-dgm $LOG
ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR netbios-dgm -d $host netbios-dgm $LOG
- # Commented by Dougal Holmes <dholmes@bigpond.net.au> 2001-04-20
- ####ipchains -A $outchain -j ACCEPT -p udp -s $IPADDR $UNPRIVPORTS -d $host netbios-dgm $LOG
-
#
# netbios-ssn
#
@@ -137,13 +133,16 @@ do
ipchains -A $outchain -j ACCEPT -p tcp -s $IPADDR $UNPRIVPORTS -d $host netbios-ssn $LOG
ipchains -A $inchain -j ACCEPT -p tcp $SYNOPT -s $host netbios-ssn -d $IPADDR $UNPRIVPORTS $LOG
- #
# microsoft-ds
#
- # This new part of the protocol is not supported by Samba, so we can
- # ignore the traffic for now. This may change in the future, however.
+ # This new part of the protocol is not supported by Samba.
+ # It is the new standard for Windows 2000/XP servers, and may be required by clusters
#
- ipchains -A $inchain -j DENY -p tcp -s $host $UNPRIVPORTS -d $IPADDR 445 $LOG
+ ipchains -A $inchain -j ACCEPT -p tcp -s $host $UNPRIVPORTS -d $IPADDR 445 $LOG
+ ipchains -A $outchain -j ACCEPT -p tcp $SYNOPT -s $IPADDR 445 -d $host $UNPRIVPORTS $LOG
+
+ ipchains -A $outchain -j ACCEPT -p tcp -s $IPADDR $UNPRIVPORTS -d $host 445 $LOG
+ ipchains -A $inchain -j ACCEPT -p tcp $SYNOPT -s $host 445 -d $IPADDR $UNPRIVPORTS $LOG
done
unset host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/790-time-clients rcf-5.2.1s1/etc/firewall/modules/common/services/790-time-clients
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/790-time-clients 1970-01-01 03:00:00 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/790-time-clients 2002-12-01 02:19:29 +0300
@@ -0,0 +1,26 @@
+
+#-----------------------------------------------------------------------
+# MODULE CONFIGURATION
+#-----------------------------------------------------------------------
+#
+#m# 123
+#a# accept
+#i# cluster novirtual
+#n# time
+#t# clients
+#
+# |--------------------------------------------------------------------|
+#d# time (Port 37 TCP)
+#d# Allows clients to obtain the time (port 37 TCP). The ntp
+#d# protocol is usually preferred instead of the time protocol.
+# |--------------------------------------------------------------------|
+#
+#-----------------------------------------------------------------------
+# START OF MODULE CODE
+#-----------------------------------------------------------------------
+
+for host in `Option_Value accept $INTOPT time clients`
+do
+ Hostports accept local tcp "Time" $host time
+done
+unset host
diff -uprk.orig rcf-5.2.1s1.orig/etc/firewall/modules/common/services/790-time-servers rcf-5.2.1s1/etc/firewall/modules/common/services/790-time-servers
--- rcf-5.2.1s1.orig/etc/firewall/modules/common/services/790-time-servers 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/etc/firewall/modules/common/services/790-time-servers 2002-12-01 02:19:29 +0300
@@ -10,8 +10,9 @@
#t# servers
#
# |--------------------------------------------------------------------|
+#d# time (Remote port 37 TCP, 37 UDP)
#d# Allow access to time (port 37) servers in UDP and TCP. The ntp
-#d# protocol is usually prefered instead of the time protocol.
+#d# protocol is usually preferred instead of the time protocol.
# |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
diff -uprk.orig rcf-5.2.1s1.orig/FAQ.html rcf-5.2.1s1/FAQ.html
--- rcf-5.2.1s1.orig/FAQ.html 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/FAQ.html 2002-12-01 02:19:29 +0300
@@ -70,6 +70,7 @@ What are those martians in my logs?<BR>
How do I set up a DMZ (De-Militarized Zone) using RCF?<BR>
How would a MZ config look like?<BR>
How do I set up VPN (Virtual Private Networking) using RCF?<BR>
+How do I enable a PPTP server inside my firewall?<BR>
How do I forward ports to a server on my internal LAN?<BR>
How can I determine what ports should be forwarded to a server on my internal LAN?<BR>
How do I protect Windows machines on my internal LAN from trojans?<BR>
@@ -157,20 +158,20 @@ People usually refer to this document or
<DT>Maintainer:
<DD>Edwin ten Brink
<DT>E-mail:
-<DD>For remarks on this document only <a href="mailto:edwin@privateer.student.utwente.nl?subject=RCF FAQ question">edwin@privateer.student.utwente.nl</a>.<BR>
+<DD>For remarks on this document only <a href="mailto:e.ten.brink@freeler.nl?subject=RCF FAQ question">e.ten.brink@freeler.nl</a>.<BR>
PLEASE: Questions on RCF should be directed to the <a href="#userslist">'users' mailing list</a>. You'll get more and better answers there, since I only collect experiences.
<DT>Last revision date:
-<DD>December 14, 2001 (Version under development can be found in the <a href="http://rcf.mvlan.net/dist/dev/FAQ.html">dev directory</a>)
+<DD>March 11, 2002 (Version under development can be found in the <a href="http://rcf.mvlan.net/dist/dev/FAQ.html">dev directory</a>)
<DT>RCF version:
-<DD>5.2.1
+<DD>6.0
<DT>License:
<DD>GPL
<DT>Homepage:
-<DD><a href="http://rcf.mvlan.net/" target="_blank">http://rcf.mvlan.net/</a><BR>
+<DD><a href="http://rcf.mvlan.net:8080/" target="_blank">http://rcf.mvlan.net:8080/</a><BR>
<DT>Thanks to:
<DD>All people who posed questions... and those who provided answers.
</DL>
-This document will never be complete. <a href="mailto:edwin@privateer.student.utwente.nl?subject=RCF FAQ feedback">Feedback</a>, also positive, is highly
+This document will never be complete. <a href="mailto:e.ten.brink@freeler.nl?subject=RCF FAQ feedback">Feedback</a>, also positive, is highly
appreciated.<BR>
<H1><a name="chapter_1">1. HELP! - It doesn't work!</a></H1>
<UL>
@@ -190,7 +191,7 @@ appreciated.<BR>
<LI>Read this entire document.<BR>
<LI>Use all information quoted in the <a href="#chapter_5-1">websites</a> and documentation.<BR>
<LI>Pose a question, on the <a href="#chapter_3-6">mailing list</a><BR>
-<LI>The latest version of this FAQ is available in the <a href="http://rcf.mvlan.net/dist/dev/" target="_blank">dev directory</a><BR>
+<LI>The latest version of this FAQ is available in the <a href="http://rcf.mvlan.net:8080/dist/dev/" target="_blank">dev directory</a><BR>
</UL>
<DL>
<DT><em>Q: RCF gives an error/warning.</em><BR>
@@ -236,6 +237,9 @@ Invoke RCF like this, so RCF will keep g
the initscripts when my computer boots. I'm using RedHat 6.1 or older (initscripts older than 5.0).</em>
<DD>A: RCF conforms to initscripts 5.0. You should upgrade your initscripts to 5.0 or better.<BR>
<BR>
+<DT><em>Q: RCF blocks my ppp connection.</em>
+<DD>A: These are the symptoms: Without rcf running your dialup works fine, but not if you run rcf at start up. It ignores the interface because its not up. If you wait for the modem to connect and the interface to go up, then re-run the firewall, everything works. This behavior is intended. Since the IP address of you ppp connection is unknown before you start it up, rcf (or any other firewall for that matter) cannot implement any rules, since it needs to know the ip address of the connection in order to set up the rules. You may want to use the --refresh-interfaces option after the ppp connection goes up or down. Or just start and stop the firewall with the connection, by adding '/etc/init.d/firewall restart' to your /etc/ppp/ip-up.local file (or create a file in /etc/ppp/ip-up.d/ to start it on Debian.)<BR>
+<BR>
<DT><em>Q: I can't get the virtual interfaces to work!</em>
<DD>A: It seems that the code is flawed at least as far as 5.1b7. You should upgrade to a better version.<BR>
<BR>
@@ -367,7 +371,7 @@ files.<BR>
<DL><DT><em>Plain tar file / Slackware</em>
<DD><UL><LI>Untar it.
<LI>Run the install.sh script.
-<LI>For more info, or manual install, please refer to the <a href="http://rcf.mvlan.net/dist/INSTALL" target="_blank">installation notes</a>.
+<LI>For more info, or manual install, please refer to the <a href="http://rcf.mvlan.net:8080/dist/INSTALL" target="_blank">installation notes</a>.
</UL>
<DT><em>RedHat (RPM)</em>
<DD>rpm -U rcf-noarch-[version].rpm
@@ -564,11 +568,11 @@ automagically for me.<BR>
<DT><H2><a name="chapter_3-2">Installing / upgrading</a></H2>
<DT><em>Where can I get the latest version of RCF?</em><BR>
<BR>
-<DD>The latest stable version will be available at the <a href="http://rcf.mvlan.net/" target="_blank">homepage</a> and at
+<DD>The latest stable version will be available at the <a href="http://rcf.mvlan.net:8080/" target="_blank">homepage</a> and at
<a href="http://freshmeat.net/projects/rcf" target="_blank">Freshmeat</a>.
If you feel the need to have the latest version, for development, or because
you need the state-of-the-art, you can download the development version at:
-<a href="http://rcf.mvlan.net/dist/dev/" target="_blank">http://rcf.mvlan.net/dist/dev/</a><BR>
+<a href="http://rcf.mvlan.net:8080/dist/dev/" target="_blank">http://rcf.mvlan.net:8080/dist/dev/</a><BR>
Be advised that the development version may contain bugs, doesn't function
correctly etc.<BR>
It is <strong>not recommended</strong> to run the development version on a production
@@ -1119,6 +1123,20 @@ you have accept-[int]-ping-clients set c
</UL>
<BR>
<BR>
+<DT><em>How do I enable a PPTP server inside my firewall?</em><BR>
+<BR>
+<DD>The PPTP modules only allow Network Address Translation (NAT) for clients, and
+not for servers. So if your PPTP server is on the Internal LAN using a private,
+NAT'd address, then it will not work. This is a restriction of the PPTP protocol,
+and not rcf. If, however, your PPTP server is in a DMZ, then the modules work.
+Put 030-pptp-clients into the DMZ interface, setup a cluster on the DMZ which
+includes the PPTP server, and update the config file. Then put the desired client
+addresses in the DMZ cluster, and away it should go. 030-pptp-servers is used to
+control which PPTP servers you want to connect to, either from the firewall, or
+from the internal LAN (provided you have the pptp module loaded into the kernel if
+you are using NAT).<BR>
+<BR>
+<BR>
<DT><em>How do I forward ports to a server on my internal LAN?</em><BR>
<BR>
<DD>
@@ -1183,7 +1201,7 @@ your configuration file.<BR>
<DT><em>How can I use multiple public connections in a fail-over setup?</em><BR>
<BR>
<DD>In this example we have an ADSL modem on ppp0 and a CableModem on eth1. All
-referenced scripts can be found in a contrib directory, <a href="http://rcf.mvlan.net/dist/contrib/adsl-cable-failover/" target="_blank">http://rcf.mvlan.net/dist/contrib/adsl-cable-failover/</a>.
+referenced scripts can be found in a contrib directory, <a href="http://rcf.mvlan.net:8080/dist/contrib/adsl-cable-failover/" target="_blank">http://rcf.mvlan.net:8080/dist/contrib/adsl-cable-failover/</a>.
The idea is to use the ADSL to host web servers, etc., and the CableModem for all outgoing
stuff (like browsing the web from LAN PCs, outgoing e-mail, etc.). If one
of the lines goes down, traffic should start using the other viable
@@ -1261,7 +1279,7 @@ And the adsl routing table:<BR>
default via 64.39.160.16 dev ppp0
</pre>
Don't forget that the 'route' script must be called if/when one of your public IPs change. The
-cablemodem uses a dhcp client which executes a script called <a href="http://rcf.mvlan.net/dist/contrib/dhcpcd/dhcpcd-eth1.exe" target="_blank">dhcpcd-eth1.exe</a>
+cablemodem uses a dhcp client which executes a script called <a href="http://rcf.mvlan.net:8080/dist/contrib/dhcpcd/dhcpcd-eth1.exe" target="_blank">dhcpcd-eth1.exe</a>
(created by Jean-SИbastien Morisset) after it changes the ip. This script reloads the firewall rules for
eth1 (only) and calls the 'route' script to update the routing tables.<BR>
<BR>
@@ -1317,7 +1335,7 @@ get out/in before it's completed. This i
the firewall chains when only one interface has gone up or down?
So in /etc/ppp/ip-up.local and /etc/ppp/ip-down.local you should run rcf as follows:<BR>
<font face="Courier">/sbin/rcf -nsfc -ri $1</font><BR>
-You can also use a <a href="http://rcf.mvlan.net/dist/contrib/rcf-lock" target="_blank">wrapper</a> to add a file locking scheme to stop rcf
+You can also use a <a href="http://rcf.mvlan.net:8080/dist/contrib/rcf-lock" target="_blank">wrapper</a> to add a file locking scheme to stop rcf
running twice at the same time. This is necessary when several connections are
possible at once, such as a dial-in or pptp setup. It's possible you are
also getting this, where the ip-up.local rcf is running before the
@@ -1382,26 +1400,26 @@ or your network. Put that host in your b
<DT><H2><a name="chapter_3-7">Development</a></H2>
<DT><em>How can I contribute my module to the current sources through CVS?</em><BR>
<BR>
-<DD>The <a href="http://rcf.mvlan.net/cgi-bin/cvs/">CVS repository</a> is used to add new or modified files. You can browse the file hierarchy by picking directories (which have slashes after them, e.g., rcf-5.2.1/). If you pick a file, you will see the revision history for that file. Selecting a revision number will display it's revision. There is a link at each revision to display diffs between that revision and the previous one. A form at the bottom of the page will also allow you to display diffs between arbitrary revisions.<BR>
+<DD>The <a href="http://rcf.mvlan.net:8080/cgi-bin/cvs/">CVS repository</a> is used to add new or modified files. You can browse the file hierarchy by picking directories (which have slashes after them, e.g., rcf-5.2.1/). If you pick a file, you will see the revision history for that file. Selecting a revision number will display it's revision. There is a link at each revision to display diffs between that revision and the previous one. A form at the bottom of the page will also allow you to display diffs between arbitrary revisions.<BR>
<BR>
You can also checkout the latest code using our public cvs pserver. Here's an example of the syntax:<BR>
-<font face="Courier">cvs -d :pserver:anonymous@cvs.mvlan.net:/rcf login<BR>
-cvs -d :pserver:anonymous@cvs.mvlan.net:/rcf co rcf-5.2.1</font><BR>
+<font face="Courier">cvs -d :pserver:anonymous@cvs.mvlan.net:8080:/rcf login<BR>
+cvs -d :pserver:anonymous@cvs.mvlan.net:8080:/rcf co rcf-5.2.1</font><BR>
<BR>
Or to checkout a specific release (aka branch):<BR>
-<font face="Courier">cvs -d :pserver:anonymous@cvs.mvlan.net:/rcf co -r [branch] rcf-5.2.1</font><BR>
+<font face="Courier">cvs -d :pserver:anonymous@cvs.mvlan.net:8080:/rcf co -r [branch] rcf-5.2.1</font><BR>
<BR>
-r [branch] is optional and refers to the current development release (i.e. HEAD, a1, b1, c1, etc.).<BR>
<BR>
To work on the current development code, checkout the main (aka HEAD) branch. Example:
-<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:/rcf login</font><BR>
-<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:/rcf co rcf-5.2.1</font><BR>
+<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:8080:/rcf login</font><BR>
+<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:8080:/rcf co rcf-5.2.1</font><BR>
<BR>
If you need to go back to a specific release (to test for reported bugs, create patches, etc.), you should specify the branch. Example:<BR>
-<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:/rcf update -P -r c1 rcf-5.2.1</font><BR>
+<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:8080:/rcf update -P -r c1 rcf-5.2.1</font><BR>
<BR>
You can go back to the current development version using:<BR>
-<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:/rcf update -P -r HEAD rcf-5.2.1</font><BR>
+<font face="Courier">cvs -d :pserver:username@cvs.mvlan.net:8080:/rcf update -P -r HEAD rcf-5.2.1</font><BR>
<BR>
As we develop the main (aka HEAD) branch, we'll decide to release an alpha, beta, pre-release, etc. version. At that time, Jean-SИbastien will create a new branch. This is only a place marker and should only be used as mentioned above.<BR>
<BR>
@@ -1413,7 +1431,7 @@ The "cvs watchers" command will list who
<BR>
<DT><em>How can I obtain a CVS account?</em><BR>
<BR>
-<DD>You should contact <a href="mailto:jsmoriss@mvlan.net?subject=I want to become an official RCF developer">Jean-SИbastien</a> directly.<BR>
+<DD>You should contact <a href="mailto:jsmoriss@mvlan.net:8080?subject=I want to become an official RCF developer">Jean-SИbastien</a> directly.<BR>
<BR>
<BR>
<DT><H2><a name="chapter_3-8">Miscellaneous</a></H2>
@@ -1441,12 +1459,12 @@ some programs which can do it for you, e
<DT><em>How do I report a bug?</em><BR>
<BR>
<DD>About the RCF script:<BR>
-Send a message to the author, <a href="mailto:jsmoriss@mvlan.net?subject=RCF bug report">Jean-Sébastien Morisset</a>,
+Send a message to the author, <a href="mailto:jsmoriss@mvlan.net:8080?subject=RCF bug report">Jean-Sébastien Morisset</a>,
or to the <a href="#userslist">'users' mailing list</a>.<BR>
<BR>
About the RCF FAQ:<BR>
Send a message to the author,
-<a href="mailto:edwin@privateer.student.utwente.nl?subject=RCF FAQ bug report">Edwin ten Brink</a>, or to the <a href="#userslist">'users' mailing list</a>.<BR>
+<a href="mailto:e.ten.brink@freeler.nl?subject=RCF FAQ bug report">Edwin ten Brink</a>, or to the <a href="#userslist">'users' mailing list</a>.<BR>
<BR>
<BR>
<DT><em>How do I contribute to the evolution of RCF?</em><BR>
@@ -1460,7 +1478,7 @@ Send a message to the author,
If you have a question on the current version of RCF, your mail should be addressed towards the <a href="#userslist">users list</a>.
If you want to have a quick answer to your question, include the <em>version number</em> of RCF you're using,
a few relevant lines of your logs and your configuration (obtained with the --show-config parameter).<BR>
-Be sure your problem isn't described in the <a href="#chapter_3-2">man pages</a>, this FAQ or the <a href="http://www.mvlan.net/pipermail/rcf-users/" target="_blank">mailing list archives</a> already.<BR>
+Be sure your problem isn't described in the <a href="#chapter_3-2">man pages</a>, this FAQ or the <a href="http://www.mvlan.net:8080/pipermail/rcf-users/" target="_blank">mailing list archives</a> already.<BR>
<BR>
<BR>
<DT><em>How do I unsubscribe from one of the mailing lists?</em><BR>
@@ -1585,13 +1603,13 @@ that kernel.
<H2><a name="chapter_5-1">5.1 Websites</a></H2>
As everyone knows, nothing changes faster than the Internet, so the links
below may have changed. If you find a broken link or a site of which you
-feel it really should be in here, please report it to <a href="mailto:edwin@privateer.student.utwente.nl?subject=RCF FAQ links">me</a>.<BR>
+feel it really should be in here, please report it to <a href="mailto:e.ten.brink@freeler.nl?subject=RCF FAQ links">me</a>.<BR>
There are tons of information out there. This list is not, and will not be,
complete. It merely provides useful references.<BR>
<H3>RCF Homepage</H3>
-Main page:<UL><a href="http://rcf.mvlan.net/" target="_blank">http://rcf.mvlan.net/</a><BR>
+Main page:<UL><a href="http://rcf.mvlan.net:8080/" target="_blank">http://rcf.mvlan.net:8080/</a><BR>
</UL>
-Mirrors:<UL><a href="ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf.html" target="_blank">ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf.html</a><BR>
+Mirrors:<UL><a href="ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net:8080/linux/rcf.html" target="_blank">ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net:8080/linux/rcf.html</a><BR>
<a href="http://the.wiretapped.net/security/firewalls/rc.firewall/" target="_blank">http://the.wiretapped.net/security/firewalls/rc.firewall/</a><BR>
<a href="ftp://ftp.wiretapped.net/pub/security/firewalls/rc.firewall/" target="_blank">ftp://ftp.wiretapped.net/pub/security/firewalls/rc.firewall/</a><BR>
</UL>
@@ -1719,17 +1737,17 @@ subscribe to any combination of them.<BR
<DT>Audience:<BR>
<DD>All users who want to be notified of updates<BR>
<DT>About the list:<BR>
-<DD><a href="http://lists.mvlan.net/mailman/listinfo/rcf-announce" target="_blank">http://lists.mvlan.net/mailman/listinfo/rcf-announce</a><BR>
+<DD><a href="http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce" target="_blank">http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce</a><BR>
<DT>Archive of previous posts:<BR>
-<DD><a href="http://www.mvlan.net/pipermail/rcf-announce/" target="_blank">http://www.mvlan.net/pipermail/rcf-announce/</a><BR>
+<DD><a href="http://www.mvlan.net:8080/pipermail/rcf-announce/" target="_blank">http://www.mvlan.net:8080/pipermail/rcf-announce/</a><BR>
<DT>Help about the list:<BR>
-<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net?help">rcf-announce-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net:8080?help">rcf-announce-request@lists.mvlan.net:8080</a><BR>
With the subject: "help"<BR>
<DT>Subscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net?subject=subscribe">rcf-announce-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net:8080?subject=subscribe">rcf-announce-request@lists.mvlan.net:8080</a><BR>
With the subject: "subscribe"<BR>
<DT>Unsubscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net?subject=unsubscribe">rcf-announce-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-announce-request@lists.mvlan.net:8080?subject=unsubscribe">rcf-announce-request@lists.mvlan.net:8080</a><BR>
With the subject: "unsubscribe"<BR>
</DL>
<BR>
@@ -1740,20 +1758,20 @@ With the subject: "unsubscribe"<BR>
about the <em>current production version</em>.<BR>
So <strong>no</strong> development questions!<BR>
<DT>About the list:<BR>
-<DD><a href="http://www.mvlan.net/mailman/listinfo/rcf-users" target="_blank">http://www.mvlan.net/mailman/listinfo/rcf-users</a><BR>
+<DD><a href="http://www.mvlan.net:8080/mailman/listinfo/rcf-users" target="_blank">http://www.mvlan.net:8080/mailman/listinfo/rcf-users</a><BR>
<DT>Archive of previous posts:<BR>
-<DD><a href="http://www.mvlan.net/pipermail/rcf-users/" target="_blank">http://www.mvlan.net/pipermail/rcf-users/</a><BR>
+<DD><a href="http://www.mvlan.net:8080/pipermail/rcf-users/" target="_blank">http://www.mvlan.net:8080/pipermail/rcf-users/</a><BR>
<DT>Help about the list:<BR>
-<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net?subject=help">rcf-users-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net:8080?subject=help">rcf-users-request@lists.mvlan.net:8080</a><BR>
With the subject: "help"<BR>
<DT>Subscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net?subject=subscribe">rcf-users-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net:8080?subject=subscribe">rcf-users-request@lists.mvlan.net:8080</a><BR>
With the subject: "subscribe"<BR>
<DT>Unsubscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net?subject=unsubscribe">rcf-users-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-users-request@lists.mvlan.net:8080?subject=unsubscribe">rcf-users-request@lists.mvlan.net:8080</a><BR>
With the subject: "unsubscribe"<BR>
<DT>Posting a message:<BR>
-<DD>Mail to: <a href="mailto:rcf-users@lists.mvlan.net">rcf-users@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-users@lists.mvlan.net:8080">rcf-users@lists.mvlan.net:8080</a><BR>
</DL>
<BR>
<DT><a name="developerslist">Linux ipchains firewall <em>developers</em> mailing list</a>
@@ -1761,20 +1779,20 @@ With the subject: "unsubscribe"<BR>
<DT>Audience:<BR>
<DD>Users who want to participate in or stay informed about developments of RCF<BR>
<DT>About the list:<BR>
-<DD><a href="http://www.mvlan.net/mailman/listinfo/rcf-dev" target="_blank">http://www.mvlan.net/mailman/listinfo/rcf-dev</a><BR>
+<DD><a href="http://www.mvlan.net:8080/mailman/listinfo/rcf-dev" target="_blank">http://www.mvlan.net:8080/mailman/listinfo/rcf-dev</a><BR>
<DT>Archive of previous posts:<BR>
-<DD><a href="http://www.mvlan.net/pipermail/rcf-dev/" target="_blank">http://www.mvlan.net/pipermail/rcf-dev/</a><BR>
+<DD><a href="http://www.mvlan.net:8080/pipermail/rcf-dev/" target="_blank">http://www.mvlan.net:8080/pipermail/rcf-dev/</a><BR>
<DT>Help about the list:<BR>
-<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net?subject=help">rcf-dev-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net:8080?subject=help">rcf-dev-request@lists.mvlan.net:8080</a><BR>
With the subject: "help"<BR>
<DT>Subscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net?subject=subscribe">rcf-dev-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net:8080?subject=subscribe">rcf-dev-request@lists.mvlan.net:8080</a><BR>
With the subject: "subscribe"<BR>
<DT>Unsubscribe:<BR>
-<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net?subject=unsubscribe">rcf-dev-request@lists.mvlan.net</a><BR>
+<DD>Mail to: <a href="mailto:rcf-dev-request@lists.mvlan.net:8080?subject=unsubscribe">rcf-dev-request@lists.mvlan.net:8080</a><BR>
With the subject: "unsubscribe"<BR>
<DT>Posting a message:<BR>
-<DD>Mail to: <a href="mailto:rcf-dev@lists.mvlan.net">rcf-dev@lists.mvlan.net</a>
+<DD>Mail to: <a href="mailto:rcf-dev@lists.mvlan.net:8080">rcf-dev@lists.mvlan.net:8080</a>
</DL></DL>
<H3>Other, security- or firewall related mailing-lists</H3>
Various lists can be found at <a href="http://www.securityfocus.com" target="_blank">SecurityFocus</a>, among
diff -uprk.orig rcf-5.2.1s1.orig/fwinit rcf-5.2.1s1/fwinit
--- rcf-5.2.1s1.orig/fwinit 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/fwinit 2002-12-01 02:19:29 +0300
@@ -3,12 +3,12 @@
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
-# $Id: fwinit,v 1.5 2001/08/23 19:55:17 jsmoriss Exp $
+# $Id: fwinit,v 1.4 2002/07/30 03:27:47 jsmoriss Exp $
#-----------------------------------------------------------------------
# $RCSfile: fwinit,v $
# $Author: jsmoriss $
-# $Revision: 1.5 $
-# $Date: 2001/08/23 19:55:17 $
+# $Revision: 1.4 $
+# $Date: 2002/07/30 03:27:47 $
# $Locker: $
# $Name: $
#-----------------------------------------------------------------------
@@ -24,11 +24,14 @@
#
#-----------------------------------------------------------------------
-# chkconfig: 2345 12 90
+# chkconfig: 2345 125 900
# description: rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized easily in the ipchains stack. Protections include spoofing, stuffed routing/masqerading, DoS, smurf attacks, outgoing port scans, and many more. rcf also supports multiple public, private (masqu'ed), dmz, and mz (non-masq'ed) networks and interfaces. Access rules are defined per interface and dmz/mz server groups.
# processname:
# config: /etc/firewall.conf
-
+
+# Required by Oxygen LRP distribution.
+RCDLINKS="0,K90 1,K90 2,S12 3,S12 4,S12 5,S12 6,K90"
+
# Source function library
[ -f /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions # Red Hat
@@ -53,7 +56,11 @@ RETVAL=0
# See how we were called.
case "$1" in
start|restart|reload|force-reload)
- /sbin/rcf
+ # if rcf is started as part of the regular system boot process,
+ # copy stdout to console.
+ [ "$RUNLEVEL" ] \
+ && /sbin/rcf | tee -a /dev/console \
+ || /sbin/rcf
RETVAL=$?
if [ $RETVAL -eq 0 ]
then
diff -uprk.orig rcf-5.2.1s1.orig/INSTALL rcf-5.2.1s1/INSTALL
--- rcf-5.2.1s1.orig/INSTALL 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/INSTALL 2002-12-01 02:19:29 +0300
@@ -1,5 +1,5 @@
-Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
+Copyright (C) 2000-2002, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
rcf - the most secure and complete ipchains Firewall for Linux.
This program is free software; you can redistribute it and/or modify it
@@ -11,10 +11,6 @@ WITHOUT ANY WARRANTY; without even the i
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License (LICENSE file in archive) for more details.
-************************************************************************
- PLEASE SEE <http://rcf.mvlan.net/> FOR PRIVATE AND COMMERCIAL USE.
-************************************************************************
-
DESCRIPTION
rcf (aka rc.firewall) is an ipchains-based firewall with support for
@@ -163,7 +159,7 @@ services/.
FAQ
-The FAQ is available at <http://rcf.mvlan.net/dist/FAQ.html>.
+The FAQ is available at <http://rcf.mvlan.net:8080/dist/FAQ.html>.
MAILING LIST
@@ -171,7 +167,7 @@ If you need help, would like to know whe
or contribute to the general evolution of this script, subscribe to
our mailing lists:
- http://lists.mvlan.net/mailman/listinfo/rcf-users
- http://lists.mvlan.net/mailman/listinfo/rcf-dev
- http://lists.mvlan.net/mailman/listinfo/rcf-announce
+ http://lists.mvlan.net:8080/mailman/listinfo/rcf-users
+ http://lists.mvlan.net:8080/mailman/listinfo/rcf-dev
+ http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce
diff -uprk.orig rcf-5.2.1s1.orig/sbin/rcf rcf-5.2.1s1/sbin/rcf
--- rcf-5.2.1s1.orig/sbin/rcf 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/sbin/rcf 2002-12-01 02:19:29 +0300
@@ -3,12 +3,12 @@
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
-# $Id: rcf,v 1.17 2001/12/15 13:08:36 edwin Exp $
+# $Id: rcf,v 1.4 2002/07/30 03:28:24 jsmoriss Exp $
#-----------------------------------------------------------------------
# $RCSfile: rcf,v $
-# $Author: edwin $
-# $Revision: 1.17 $
-# $Date: 2001/12/15 13:08:36 $
+# $Author: jsmoriss $
+# $Revision: 1.4 $
+# $Date: 2002/07/30 03:28:24 $
# $Locker: $
# $Name: $
#-----------------------------------------------------------------------
@@ -343,9 +343,6 @@ sed -e '' <<EOF
Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>.
rcf (aka rc.firewall) v${PKG_VERSION} and all related scripts come with ABSOLUTELY NOWARRANTY; for details see the LICENSE file included in the rcf distribution.
---------------------------------------------------------------------------------
- PLEASE SEE <http://rcf.mvlan.net/> FOR PRIVATE AND COMMERCIAL USE. THANK YOU.
---------------------------------------------------------------------------------
EOF
#
@@ -695,12 +692,15 @@ then
done
[ "$TEST" ] || echo ""
- if [ "`echo $MASQ_TIMEOUTS|grep '^[0-9][0-9]* *[0-9][0-9]* *[0-9][0-9]*$'`" ]
+ if [ "$MASQ_TIMEOUTS" ]
then
+ if [ "`echo $MASQ_TIMEOUTS|grep '^[0-9][0-9]* *[0-9][0-9]* *[0-9][0-9]*$'`" ]
+ then
echo "Changing IP Masquerading Timeouts"
ipchains -M -S $MASQ_TIMEOUTS
- else
+ else
echo "WARNING: ipmasq-timeouts option set incorrectly!"
+ fi
fi
fi
diff -uprk.orig rcf-5.2.1s1.orig/TODO rcf-5.2.1s1/TODO
--- rcf-5.2.1s1.orig/TODO 2002-01-03 17:32:24 +0300
+++ rcf-5.2.1s1/TODO 2002-12-01 02:19:29 +0300
@@ -1,6 +1,8 @@
-Version 5.3
+Version 6.0
-----------
+Compatibility with Linux 2.2.x ipchains AND 2.4.x iptables.
+
Add an option to define which subnets are allowed to be routed.
Rename all options from {action}-{int}-{service}-{type} to@@ -10,7 +12,3 @@ an easy conversion of the configuration
Convert the configuration file to XML.
-Version 6.0
------------
-Compatibility with Linux 2.2.x ipchains AND 2.4.x iptables.
-
diff -uprk.orig rcf-5.2.1s1.orig/usr/man/firewall.conf.5 rcf-5.2.1s1/usr/man/firewall.conf.5
--- rcf-5.2.1s1.orig/usr/man/firewall.conf.5 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/usr/man/firewall.conf.5 2002-12-01 02:19:29 +0300
@@ -3,7 +3,7 @@
.\"
.\" Original: Jean-Sebastien Morisset <jsmoriss@mvlan.net>
.\"
-.TH FIREWALL.CONF 5 "AUGUST 2001" "RCF 5.2.1" "User Manuals"
+.TH FIREWALL.CONF 5 "JANUARY 2002" "RCF 6.0" "User Manuals"
.SH NAME
@@ -140,31 +140,31 @@ groups, modules, and sbin directories.
The \fBrcf\fR Frequently Asked Questions (FAQ) are available at:
.TP
-<http://rcf.mvlan.net/dist/FAQ.html>
+<http://rcf.mvlan.net:8080/dist/FAQ.html>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/FAQ.html>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/FAQ.html>
.RS
.RE
.SH BUGS
-If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net/mailman/listinfo/rcf-dev>.
+If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net:8080/mailman/listinfo/rcf-dev>.
.SH UPDATES
Releases of \fBrcf\fR are announced on Freshmeat <http://freshmeat.net/projects/rcf/>.
.TP
-Development and production releases are also announced on our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-announce>.
+Development and production releases are also announced on our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce>.
.TP
The latest versions are always available from:
.TP
-<http://rcf.mvlan.net/>
+<http://rcf.mvlan.net:8080/>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/>
.RS
.RE
diff -uprk.orig rcf-5.2.1s1.orig/usr/man/rcf.8 rcf-5.2.1s1/usr/man/rcf.8
--- rcf-5.2.1s1.orig/usr/man/rcf.8 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/usr/man/rcf.8 2002-12-01 02:19:29 +0300
@@ -3,7 +3,7 @@
.\"
.\" Original: Jean-Sebastien Morisset <jsmoriss@mvlan.net>
.\"
-.TH RCF 8 "AUGUST 2001" "RCF 5.2.1" "User Manuals"
+.TH RCF 8 "JANUARY 2002" "RCF 6.0" "User Manuals""
.SH NAME
@@ -49,7 +49,6 @@ rcf \- the most complete and secure ipch
.TP
\fBrcf\fR (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized easily in the ipchains stack. Protections include spoofing, stuffed routing/masqerading, DoS, smurf attacks, outgoing port scans, and many more. \fBrcf\fR also supports multiple public, private (masqu'ed), dmz, and mz (non-masq'ed) networks and interfaces. Access rules are defined per interface and dmz/mz server groups.
.TP
-If you use \fBrcf\fR in a commercial setting, please refer to <http://rcf.mvlan.net/#commercial>.
.SH OPTIONS
@@ -143,31 +142,31 @@ For security reasons, your \fBPATH\fR en
The \fBrcf\fR Frequently Asked Questions (FAQ) are available at:
.TP
-<http://rcf.mvlan.net/dist/FAQ.html>
+<http://rcf.mvlan.net:8080/dist/FAQ.html>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/FAQ.html>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/FAQ.html>
.RS
.RE
.SH BUGS
-If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net/mailman/listinfo/rcf-dev>.
+If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net:8080/mailman/listinfo/rcf-dev>.
.SH UPDATES
Releases of \fBrcf\fR are announced on Freshmeat <http://freshmeat.net/projects/rcf/>.
.TP
-Development and production releases are also announced on our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-announce>.
+Development and production releases are also announced on our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce>.
.TP
The latest versions are always available from:
.TP
-<http://rcf.mvlan.net/>
+<http://rcf.mvlan.net:8080/>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/>
.RS
.RE
diff -uprk.orig rcf-5.2.1s1.orig/usr/man/rcf-groups.5 rcf-5.2.1s1/usr/man/rcf-groups.5
--- rcf-5.2.1s1.orig/usr/man/rcf-groups.5 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/usr/man/rcf-groups.5 2002-12-01 02:19:29 +0300
@@ -1,9 +1,9 @@
.\"
-.\" firewall.conf.5
+.\" rcf-groups.5
.\"
.\" Original: Jean-Sebastien Morisset <jsmoriss@mvlan.net>
.\"
-.TH RCF-GROUPS 5 "AUGUST 2001" "RCF 5.2.1" "User Manuals"
+.TH RCF-GROUPS 5 "JANUARY 2002" "RCF 6.0" "User Manuals""
.SH NAME
@@ -76,31 +76,31 @@ groups, modules, and sbin directories.
The \fBrcf\fR Frequently Asked Questions (FAQ) are available at:
.TP
-<http://rcf.mvlan.net/dist/FAQ.html>
+<http://rcf.mvlan.net:8080/dist/FAQ.html>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/FAQ.html>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/FAQ.html>
.RS
.RE
.SH BUGS
-If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net/mailman/listinfo/rcf-dev>.
+If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net:8080/mailman/listinfo/rcf-dev>.
.SH UPDATES
Releases of \fBRCF\fR are announced on Freshmeat <http://freshmeat.net/projects/rcf/>.
.TP
-Development and production releases are also announced on our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-announce>.
+Development and production releases are also announced on our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce>.
.TP
The latest versions are always available from:
.TP
-<http://rcf.mvlan.net/>
+<http://rcf.mvlan.net:8080/>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/>
.RS
.RE
diff -uprk.orig rcf-5.2.1s1.orig/usr/man/rcf-modules.5 rcf-5.2.1s1/usr/man/rcf-modules.5
--- rcf-5.2.1s1.orig/usr/man/rcf-modules.5 2002-01-03 17:32:25 +0300
+++ rcf-5.2.1s1/usr/man/rcf-modules.5 2002-12-01 02:19:29 +0300
@@ -1,9 +1,9 @@
.\"
-.\" firewall.conf.5
+.\" rcf-modules.5
.\"
.\" Original: Jean-Sebastien Morisset <jsmoriss@mvlan.net>
.\"
-.TH RCF-MODULES 5 "AUGUST 2001" "RCF 5.2.1" "User Manuals"
+.TH RCF-MODULES 5 "JANUARY 2002" "RCF 6.0" "User Manuals""
.SH NAME
@@ -88,31 +88,31 @@ groups, modules, and sbin directories.
The \fBrcf\fR Frequently Asked Questions (FAQ) are available at:
.TP
-<http://rcf.mvlan.net/dist/FAQ.html>
+<http://rcf.mvlan.net:8080/dist/FAQ.html>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/FAQ.html>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/FAQ.html>
.RS
.RE
.SH BUGS
-If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net/mailman/listinfo/rcf-dev>.
+If you experience any problems using \fBrcf\fR, please subscribe to our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-users>. If you'd like to contribute to the evolution of \fBrcf\fR, you can also join the development list at <http://lists.mvlan.net:8080/mailman/listinfo/rcf-dev>.
.SH UPDATES
Releases of \fBRCF\fR are announced on Freshmeat <http://freshmeat.net/projects/rcf/>.
.TP
-Development and production releases are also announced on our mailing list <http://lists.mvlan.net/mailman/listinfo/rcf-announce>.
+Development and production releases are also announced on our mailing list <http://lists.mvlan.net:8080/mailman/listinfo/rcf-announce>.
.TP
The latest versions are always available from:
.TP
-<http://rcf.mvlan.net/>
+<http://rcf.mvlan.net:8080/>
.RS
.RE
-<ftp://ftp.axess.com/mirrors/jsmoriss.mvlan.net/linux/rcf/>
+<ftp://ftp.axess.com/mirrors/rcf.mvlan.net/>
.RS
.RE