Gentoo Archives: gentoo-security

From:	Mario Koppensteiner <mariok@×××××××××.org>
To:	gentoo-security@l.g.o
Subject:	Re: [gentoo-security] Portage rsync security
Date:	Thu, 20 Mar 2008 12:33:00
Message-Id:	`20080320123127.GK3431@freeshell.org`
In Reply to:	Re: [gentoo-security] Portage rsync security by Mansour Moufid

1	On Thu, Mar 20, 2008 at 07:49:12AM -0400, Mansour Moufid wrote:
2
3	[...]
4
5	> for i in $IP
6	> do
7	> $IPT -A OUTPUT -o $EXTIF -p tcp -s $EXTIP -d $i --dport $RSYNC --syn
8	> -m state --state NEW -j ACCEPT
9	> $IPT -A INPUT -i $EXTIF -p tcp -s $i -d $EXTIP --sport $RSYNC --syn
10	> -m state --state NEW -j ACCEPT
11
12	I think the last rule is useless. You should not get a respone from a
13	host which is "NEW", because it belongs to package, which was sent out
14	before.
15
16	> done
17
18	best regards
19
20	Koppensteiner Mario