Hello,
I took a look at mjr's aftpd. It is really cool and the code looks great
(as usual). It is a one trick pony, just anonymous ftp. Very nice.
I trust it and I am going to use it but there is a problem with choke
routers and the rest of the world. It runs as non-root and as explained in
the README, it does not BIND to 20 for its other channel, it just picks one
high (>1023) and goes for it. So...
Traditional:
set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp dst eq 21 log
set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp src eq 20 dst gt 1023 log
will need to be changed now to:
set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp dst eq 21 log
set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp src gt 1023 dst gt 1023 log
I can't think of any other way to scope its now new data channel that used
to be on tcp src 20.
Any ideas?
I have so many mixed feelings about this.
No sleep tonight. :-)
--blast
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| "The limits of my language, are the limits of my world" |
| --Wittgenstein |
| |
| <blast @ crl . com> <blast @ worldbit . com> |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
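Added example, not part of the original post: a small Python model of the two inbound rule sets quoted above, run against constructed packets addressed to the bastion to show what each set admits. The matching semantics (stateless, any matching permit admits, default deny) and the sample ports are assumptions.

```python
# Added example (not from the original post). Assumptions: rules are
# stateless, any matching permit admits the packet, and everything else
# is denied. Sample packets are constructed.
import operator

OPS = {"eq": operator.eq, "gt": operator.gt}
TRADITIONAL = [
    "set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp dst eq 21 log",
    "set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp src eq 20 dst gt 1023 log",
]
AFTPD = [
    "set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp dst eq 21 log",
    "set filter inter.in permit 0.0.0.0/0 BASTION/32 tcp src gt 1023 dst gt 1023 log",
]

def parse_rule(line):
    """Extract the port tests from one 'set filter ... permit ... tcp' line."""
    tok = line.split()
    if tok[:2] != ["set", "filter"] or tok[3] != "permit" or tok[6] != "tcp":
        raise ValueError("unsupported rule: " + line)
    tests = {"src": None, "dst": None}
    rest = [t for t in tok[7:] if t != "log"]
    for i in range(0, len(rest), 3):
        side, op, port = rest[i:i + 3]
        tests[side] = (OPS[op], int(port))
    return tests

def permitted(ruleset, sport, dport):
    """True if any rule admits a TCP packet to BASTION with these ports."""
    for tests in map(parse_rule, ruleset):
        ok_src = tests["src"] is None or tests["src"][0](sport, tests["src"][1])
        ok_dst = tests["dst"] is None or tests["dst"][0](dport, tests["dst"][1])
        if ok_src and ok_dst:
            return True
    return False

# Constructed inbound packets: (label, source port, destination port)
PACKETS = [
    ("ftp control", 40000, 21),
    ("data from remote port 20", 20, 40000),
    ("aftpd data channel", 40000, 50000),
    ("unrelated listener on 6000", 40000, 6000),
    ("telnet", 40000, 23),
]

def compare():
    # Map each label to (traditional verdict, aftpd verdict).
    return {label: (permitted(TRADITIONAL, s, d), permitted(AFTPD, s, d))
            for label, s, d in PACKETS}
```

Under these assumptions the second rule set admits any high-port-to-high-port TCP packet to the bastion, so every listener above 1023 on that host falls inside the filter's scope, not only the aftpd data channel.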