Date: Sat, 13 Mar 1999 22:27:07 -0800 (PST) From: Nick Sayer <nsayer@quack.kfu.com> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/10580: ftpio should use IP_PORTRANGE to be firewall friendly Message-ID: <199903140627.WAA75238@quack.kfu.com>
index | next in thread | raw e-mail
>Number: 10580
>Category: bin
>Synopsis: ftpio should use IP_PORTRANGE to be firewall friendly
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 13 22:30:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Nick Sayer
>Release: FreeBSD 3.1-RELEASE i386
>Organization:
Just me
>Environment:
>Description:
ftp has a restricted port option. fetch and its friends should do
likewise.
>How-To-Repeat:
>Fix:
--- src/lib/ftpio/ftpio.c.orig Sat Apr 11 00:28:53 1998
+++ src/lib/ftpio/ftpio.c Sat Mar 13 20:32:10 1999
@@ -809,7 +809,16 @@
*fp = fdopen(s, mode);
}
else {
- int fd;
+ int fd,portrange;
+
+#ifdef IP_PORTRANGE
+ portrange = IP_PORTRANGE_HIGH;
+ if (setsockopt(s, IPPROTO_IP, IP_PORTRANGE, (char *)
+ &portrange, sizeof(portrange)) < 0) {
+ close(s);
+ return FAILURE;
+ };
+#endif
i = sizeof sin;
getsockname(ftp->fd_ctrl, (struct sockaddr *)&sin, &i);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903140627.WAA75238>