Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Mario Koppensteiner <mariok@...>
Subject: Re: Portage rsync security
Date: Thu, 20 Mar 2008 12:31:27 +0000
On Thu, Mar 20, 2008 at 07:49:12AM -0400, Mansour Moufid wrote:

[...]

> for i in $IP
> do
>   $IPT -A OUTPUT -o $EXTIF -p tcp -s $EXTIP -d $i --dport $RSYNC --syn
> -m state --state NEW -j ACCEPT
>   $IPT -A INPUT  -i $EXTIF -p tcp -s $i -d $EXTIP --sport $RSYNC --syn
> -m state --state NEW -j ACCEPT

I think the last rule is useless. You should not get a respone from a
host which is "NEW", because it belongs to package, which was sent out
before.

> done

best regards

Koppensteiner Mario
Attachment:
pgp923zV6kizx.pgp (PGP signature)
References:
Portage rsync security
-- Florian Philipp
Re: Portage rsync security
-- Mansour Moufid
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Portage rsync security
Next by thread:
Re: Portage rsync security
Previous by date:
Re: Portage rsync security
Next by date:
Re: Portage rsync security


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.