Fixed ftp helper match to allow only ESTABLISHED or RELATED connections.

Otherwise it would allow NEW connections in the reverse direction too.
ktsaou 2009-02-19 02:47:36 +00:00
parent 358181cf7d
commit 9c2fa99046

@ -10,7 +10,7 @@
#
# config: /etc/firehol/firehol.conf
#
# $Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
# $Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
#
# Make sure only root can run us.
@ -209,7 +209,7 @@ ${RENICE_CMD} 10 $$ >/dev/null 2>/dev/null
# Find our minor version
firehol_minor_version() {
${CAT_CMD} <<"EOF" | ${CUT_CMD} -d ' ' -f 3 | ${CUT_CMD} -d '.' -f 2
$Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
$Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
EOF
}
@ -1545,8 +1545,8 @@ rules_ftp() {
rule ${out} reverse action "$@" chain "${out}_${mychain}" proto tcp sport "${client_ports}" dport ftp state ESTABLISHED || return 1
set_work_function "Match anything related to the kernel ftp helper"
rule ${in} action "$@" chain "${in}_${mychain}" custom "-m helper --helper ftp" || return 1
rule ${out} reverse action "$@" chain "${out}_${mychain}" custom "-m helper --helper ftp" || return 1
rule ${in} action "$@" chain "${in}_${mychain}" custom "-m helper --helper ftp" state ESTABLISHED,RELATED || return 1
rule ${out} reverse action "$@" chain "${out}_${mychain}" custom "-m helper --helper ftp" state ESTABLISHED,RELATED || return 1
# this is old code - replaced by the two helper statements above
# # Active FTP
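Review bot: The work-function label on the line above the helper rules, `set_work_function "Match anything related to the kernel ftp helper"`, no longer describes what the two rules do once `state ESTABLISHED,RELATED` is appended, and the trailing comment ("replaced by the two helper statements above") does not record why the state match is there, so the next reader may see it as redundant and drop it again. I would change the label to `set_work_function "Match ESTABLISHED/RELATED traffic of the kernel ftp helper"` and add, above the `in` rule, `# state ESTABLISHED,RELATED is required: -m helper alone would also accept NEW flows in the reverse direction (see commit 9c2fa99046)`. It is also worth a short comment that these rules only take effect when the kernel ftp conntrack helper is loaded and attached to the control connection, since `-m helper --helper ftp` matches nothing otherwise and the fallback (the commented-out active/passive rules below) is gone; I have not verified that behaviour on every kernel the script targets. rules_ftp begins and ends outside this hunk.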
@ -5736,7 +5736,7 @@ case "${arg}" in
else
${CAT_CMD} <<EOF
$Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
$Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
(C) Copyright 2002-2007, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
@ -5922,7 +5922,7 @@ then
${CAT_CMD} <<EOF
$Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
$Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -6227,7 +6227,7 @@ then
"${CAT_CMD}" >&2 <<EOF
$Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
$Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -6305,7 +6305,7 @@ EOF
${CAT_CMD} <<EOF
#!${FIREHOL_FILE}
# $Id: firehol.sh,v 1.280 2009/02/19 02:33:08 ktsaou Exp $
# $Id: firehol.sh,v 1.281 2009/02/19 02:47:36 ktsaou Exp $
#
# This config will have the same effect as NO PROTECTION!
# Everything that found to be running, is allowed.