
Contents of /smeserver-ipsec/P/smeserver-ipsec-0.0.1-relocatemastemplates.patch



Revision 1.1 - (show annotations) (download)
Wed Jan 4 00:54:32 2006 UTC (18 years, 4 months ago) by gordonr
Branch: MAIN
CVS Tags: HEAD
Wed Jan  4 11:54:26 2006                       Gordon Rowell (gordonr)

Auto-commit
----------------------------------------------------------------------

1 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification
2 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification 1970-01-01 10:00:00.000000000 +1000
3 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/30SourceAddressVerification 2003-04-12 13:45:44.000000000 +1000
4 @@ -0,0 +1,5 @@
5 + # Turn on Source Address Verification
6 + for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
7 + echo 0 > $f
8 + done
9 +
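Review bot: The comment on the first added line says "Turn on Source Address Verification", but the loop writes `0` to every `rp_filter` entry, which switches reverse-path filtering off on all interfaces matched by the glob, including `all` and `default`. If disabling it is intended (presumably for the ipsec interfaces), the comment should say so, e.g. `# Turn off Source Address Verification (rp_filter) for IPSEC`. The loop would also be safer limited to the interfaces that need it, because as written the external interface loses its spoofed-source check as well. Quoting the target as `echo 0 > "$f"` is a small additional hardening.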
10 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC
11 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC 1970-01-01 10:00:00.000000000 +1000
12 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35ForwardIPSEC 2003-04-12 13:50:08.000000000 +1000
13 @@ -0,0 +1,4 @@
14 + # Set up chains which allow us to bypass prerouting for IPSEC networks
15 + /sbin/iptables --table nat --new-chain PreroutingBypassIPSEC
16 + /sbin/iptables --table nat --append PREROUTING --jump PreroutingBypassIPSEC
17 +
18 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC
19 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
20 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40AllowIPSEC 2003-04-12 13:56:17.000000000 +1000
21 @@ -0,0 +1,7 @@
22 + # Set up chains which allow us to capture IPSEC connections
23 + /sbin/iptables --new-chain InputAllowIPSEC
24 + /sbin/iptables --append InputAllowIPSEC -i ipsec+ -j ACCEPT
25 + /sbin/iptables --append INPUT --jump InputAllowIPSEC
26 + /sbin/iptables --new-chain ForwardAllowIPSEC
27 + /sbin/iptables --append FORWARD --jump ForwardAllowIPSEC
28 +
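Review bot: The `InputAllowIPSEC` rule `-i ipsec+ -j ACCEPT` is installed unconditionally and accepts every protocol and port arriving on any ipsec interface, whereas 45AllowIPSEC and 90adjustESP in this same patch gate their rules on `$ipsec{status}`. Anything a tunnel peer sends therefore reaches local services with no further filtering. Consider restricting the rule by source network or service, or at least record the trust assumption with a comment such as `# Tunnel peers are fully trusted for local INPUT`. `ForwardAllowIPSEC` is created empty here, and what populates it is not visible in this patch, so a comment naming that would help.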
29 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC
30 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
31 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowIPSEC 2003-04-12 13:26:40.000000000 +1000
32 @@ -0,0 +1,5 @@
33 +{
34 + my $status = $ipsec{status} || 'disabled';
35 +
36 + $OUT = allow_udp_in(500, ($status eq 'enabled' ));
37 +}
38 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP
39 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP 1970-01-01 10:00:00.000000000 +1000
40 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowESP 2003-04-12 13:46:03.000000000 +1000
41 @@ -0,0 +1,6 @@
42 + /sbin/iptables --new-chain esp-in
43 + /sbin/iptables --append INPUT -p 50 -j esp-in
44 + /sbin/iptables --append INPUT -p 50 -j denylog
45 + /sbin/iptables --append esp-in -d \! $OUTERNET -j denylog
46 + /sbin/iptables --append esp-in -j denylog
47 +
48 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP
49 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP 1970-01-01 10:00:00.000000000 +1000
50 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustESP 2003-04-12 13:46:11.000000000 +1000
51 @@ -0,0 +1,8 @@
52 +{
53 + my $ipsec_status = $ipsec{status} || 'disabled';
54 + my $target = ($ipsec_status eq 'enabled') ? "ACCEPT" : "denylog";
55 +
56 + $OUT =
57 + " /sbin/iptables --replace esp-in 1 -d \\! \$OUTERNET -j denylog\n" .
58 + " /sbin/iptables --replace esp-in 2 -j $target";
59 +}
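Review bot: Both `--replace esp-in 1` and `--replace esp-in 2` address rules by position, so this fragment silently depends on 55AllowESP having appended exactly those two rules in that order. If another fragment ever adds a rule to `esp-in`, the ACCEPT/denylog decision would land on the wrong rule and could leave ESP open or blocked contrary to `$ipsec{status}`. A comment such as `# Rule numbers must match the two rules appended in 55AllowESP` would record the coupling. Flushing `esp-in` and re-appending both rules would remove the dependency on rule indices.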
60 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification
61 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification 2003-04-12 13:45:44.000000000 +1000
62 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/30SourceAddressVerification 1970-01-01 10:00:00.000000000 +1000
63 @@ -1,5 +0,0 @@
64 - # Turn on Source Address Verification
65 - for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
66 - echo 0 > $f
67 - done
68 -
69 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC
70 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC 2003-04-12 13:50:08.000000000 +1000
71 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35ForwardIPSEC 1970-01-01 10:00:00.000000000 +1000
72 @@ -1,4 +0,0 @@
73 - # Set up chains which allow us to bypass prerouting for IPSEC networks
74 - /sbin/iptables --table nat --new-chain PreroutingBypassIPSEC
75 - /sbin/iptables --table nat --append PREROUTING --jump PreroutingBypassIPSEC
76 -
77 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC
78 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC 2003-04-12 13:56:17.000000000 +1000
79 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
80 @@ -1,7 +0,0 @@
81 - # Set up chains which allow us to capture IPSEC connections
82 - /sbin/iptables --new-chain InputAllowIPSEC
83 - /sbin/iptables --append InputAllowIPSEC -i ipsec+ -j ACCEPT
84 - /sbin/iptables --append INPUT --jump InputAllowIPSEC
85 - /sbin/iptables --new-chain ForwardAllowIPSEC
86 - /sbin/iptables --append FORWARD --jump ForwardAllowIPSEC
87 -
88 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC
89 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC 2003-04-12 13:26:40.000000000 +1000
90 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowIPSEC 1970-01-01 10:00:00.000000000 +1000
91 @@ -1,5 +0,0 @@
92 -{
93 - my $status = $ipsec{status} || 'disabled';
94 -
95 - $OUT = allow_udp_in(500, ($status eq 'enabled' ));
96 -}
97 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP
98 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP 2003-04-12 13:46:03.000000000 +1000
99 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/55AllowESP 1970-01-01 10:00:00.000000000 +1000
100 @@ -1,6 +0,0 @@
101 - /sbin/iptables --new-chain esp-in
102 - /sbin/iptables --append INPUT -p 50 -j esp-in
103 - /sbin/iptables --append INPUT -p 50 -j denylog
104 - /sbin/iptables --append esp-in -d \! $OUTERNET -j denylog
105 - /sbin/iptables --append esp-in -j denylog
106 -
107 diff -Nur -x '*.orig' -x '*.rej' smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP
108 --- smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP 2003-04-12 13:46:11.000000000 +1000
109 +++ mezzanine_patched_smeserver-ipsec-0.0.2/root/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustESP 1970-01-01 10:00:00.000000000 +1000
110 @@ -1,8 +0,0 @@
111 -{
112 - my $ipsec_status = $ipsec{status} || 'disabled';
113 - my $target = ($ipsec_status eq 'enabled') ? "ACCEPT" : "denylog";
114 -
115 - $OUT =
116 - " /sbin/iptables --replace esp-in 1 -d \\! \$OUTERNET -j denylog\n" .
117 - " /sbin/iptables --replace esp-in 2 -j $target";
118 -}
