/[smeserver]/smeserver-ipsec/P/smeserver-ipsec-0.0.1-relocatemastemplates.patch
ViewVC logotype

Annotation of /smeserver-ipsec/P/smeserver-ipsec-0.0.1-relocatemastemplates.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Wed Jan 4 00:54:32 2006 UTC (18 years, 10 months ago) by gordonr
Branch: MAIN
CVS Tags: HEAD 
Wed Jan  4 11:54:26 2006                       Gordon Rowell (gordonr)

Auto-commit
----------------------------------------------------------------------
1 gordonr 1.1 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification
2     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification 1970-01-01 10:00:00.000000000 +1000
3     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification 2003-04-12 13:45:44.000000000 +1000
4     @@ -0,0 +1,5 @@
5     + # Turn on Source Address Verification
6     + for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
7     + echo 0 > $f
8     + done
9     +
10     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC
11     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC 1970-01-01 10:00:00.000000000 +1000
12     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC 2003-04-12 13:50:08.000000000 +1000
13     @@ -0,0 +1,4 @@
14     + # Set up chains which allow us to bypass prerouting for IPSEC networks
15     + /sbin/iptables --table nat --new-chain PreroutingBypassIPSEC
16     + /sbin/iptables --table nat --append PREROUTING --jump PreroutingBypassIPSEC
17     +
18     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC
19     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
20     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC 2003-04-12 13:56:17.000000000 +1000
21     @@ -0,0 +1,7 @@
22     + # Set up chains which allow us to capture IPSEC connections
23     + /sbin/iptables --new-chain InputAllowIPSEC
24     + /sbin/iptables --append InputAllowIPSEC -i ipsec+ -j ACCEPT
25     + /sbin/iptables --append INPUT --jump InputAllowIPSEC
26     + /sbin/iptables --new-chain ForwardAllowIPSEC
27     + /sbin/iptables --append FORWARD --jump ForwardAllowIPSEC
28     +
29     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC
30     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
31     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC 2003-04-12 13:26:40.000000000 +1000
32     @@ -0,0 +1,5 @@
33     +{
34     + my $status = $ipsec{status} || 'disabled';
35     +
36     + $OUT = allow_udp_in(500, ($status eq 'enabled' ));
37     +}
38     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP
39     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP 1970-01-01 10:00:00.000000000 +1000
40     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP 2003-04-12 13:46:03.000000000 +1000
41     @@ -0,0 +1,6 @@
42     + /sbin/iptables --new-chain esp-in
43     + /sbin/iptables --append INPUT -p 50 -j esp-in
44     + /sbin/iptables --append INPUT -p 50 -j denylog
45     + /sbin/iptables --append esp-in -d \! $OUTERNET -j denylog
46     + /sbin/iptables --append esp-in -j denylog
47     +
48     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP
49     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP 1970-01-01 10:00:00.000000000 +1000
50     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP 2003-04-12 13:46:11.000000000 +1000
51     @@ -0,0 +1,8 @@
52     +{
53     + my $ipsec_status = $ipsec{status} || 'disabled';
54     + my $target = ($ipsec_status eq 'enabled') ? "ACCEPT" : "denylog";
55     +
56     + $OUT =
57     + " /sbin/iptables --replace esp-in 1 -d \\! \$OUTERNET -j denylog\n" .
58     + " /sbin/iptables --replace esp-in 2 -j $target";
59     +}
60     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification
61     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification 2003-04-12 13:45:44.000000000 +1000
62     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification 1970-01-01 10:00:00.000000000 +1000
63     @@ -1,5 +0,0 @@
64     - # Turn on Source Address Verification
65     - for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
66     - echo 0 > $f
67     - done
68     -
69     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC
70     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC 2003-04-12 13:50:08.000000000 +1000
71     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC 1970-01-01 10:00:00.000000000 +1000
72     @@ -1,4 +0,0 @@
73     - # Set up chains which allow us to bypass prerouting for IPSEC networks
74     - /sbin/iptables --table nat --new-chain PreroutingBypassIPSEC
75     - /sbin/iptables --table nat --append PREROUTING --jump PreroutingBypassIPSEC
76     -
77     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC
78     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC 2003-04-12 13:56:17.000000000 +1000
79     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
80     @@ -1,7 +0,0 @@
81     - # Set up chains which allow us to capture IPSEC connections
82     - /sbin/iptables --new-chain InputAllowIPSEC
83     - /sbin/iptables --append InputAllowIPSEC -i ipsec+ -j ACCEPT
84     - /sbin/iptables --append INPUT --jump InputAllowIPSEC
85     - /sbin/iptables --new-chain ForwardAllowIPSEC
86     - /sbin/iptables --append FORWARD --jump ForwardAllowIPSEC
87     -
88     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC
89     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC 2003-04-12 13:26:40.000000000 +1000
90     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
91     @@ -1,5 +0,0 @@
92     -{
93     - my $status = $ipsec{status} || 'disabled';
94     -
95     - $OUT = allow_udp_in(500, ($status eq 'enabled' ));
96     -}
97     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP
98     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP 2003-04-12 13:46:03.000000000 +1000
99     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP 1970-01-01 10:00:00.000000000 +1000
100     @@ -1,6 +0,0 @@
101     - /sbin/iptables --new-chain esp-in
102     - /sbin/iptables --append INPUT -p 50 -j esp-in
103     - /sbin/iptables --append INPUT -p 50 -j denylog
104     - /sbin/iptables --append esp-in -d \! $OUTERNET -j denylog
105     - /sbin/iptables --append esp-in -j denylog
106     -
107     diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP
108     --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP 2003-04-12 13:46:11.000000000 +1000
109     +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP 1970-01-01 10:00:00.000000000 +1000
110     @@ -1,8 +0,0 @@
111     -{
112     - my $ipsec_status = $ipsec{status} || 'disabled';
113     - my $target = ($ipsec_status eq 'enabled') ? "ACCEPT" : "denylog";
114     -
115     - $OUT =
116     - " /sbin/iptables --replace esp-in 1 -d \\! \$OUTERNET -j denylog\n" .
117     - " /sbin/iptables --replace esp-in 2 -j $target";
118     -}
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed