Slackware/bootstrap
1
0
Fork 0
Code Releases Wiki Activity

Remove loading of (unneeded) ftp helper module.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2022-08-25 17:44:20 +01:00
commit 88cb949089
2 changed files with 0 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
rc.d/rc.firewall-complete
View file

@ -111,8 +111,6 @@ start_firewall() {
ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Service: FTP. # Service: FTP.
modprobe nf_conntrack_ftp
echo 1 >/proc/sys/net/netfilter/nf_conntrack_helper # Required to allow nf_conntrack_ftp to actually work.
iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT
ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

2
rc.d/rc.firewall-float
View file

@ -111,8 +111,6 @@ start_firewall() {
ip6tables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP6" --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT ip6tables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP6" --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Service: FTP. # Service: FTP.
modprobe nf_conntrack_ftp
echo 1 >/proc/sys/net/netfilter/nf_conntrack_helper # Required to allow nf_conntrack_ftp to actually work.
iptables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP" --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP" --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT
ip6tables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP6" --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT ip6tables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP6" --syn --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP" --syn --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i "$EX_IF" -p tcp -d "$FLOATINGIP" --syn --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT