From owner-freebsd-bugs  Sat Mar 13 22:30:16 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id D984C14CF4
	for <freebsd-bugs@FreeBSD.org>; Sat, 13 Mar 1999 22:30:14 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.2/8.9.2) id WAA36613;
	Sat, 13 Mar 1999 22:30:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from quack.kfu.com (quack.kfu.com [170.1.70.2])
	by hub.freebsd.org (Postfix) with ESMTP id 024C914F3B
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 13 Mar 1999 22:27:25 -0800 (PST)
	(envelope-from nsayer@quack.kfu.com)
Received: (from root@localhost)
	by quack.kfu.com (8.9.2/8.8.5) id WAA75238;
	Sat, 13 Mar 1999 22:27:07 -0800 (PST)
Message-Id: <199903140627.WAA75238@quack.kfu.com>
Date: Sat, 13 Mar 1999 22:27:07 -0800 (PST)
From: Nick Sayer <nsayer@quack.kfu.com>
Reply-To: nsayer@quack.kfu.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/10580: ftpio should use IP_PORTRANGE to be firewall friendly
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         10580
>Category:       bin
>Synopsis:       ftpio should use IP_PORTRANGE to be firewall friendly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 13 22:30:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Nick Sayer
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
Just me
>Environment:


>Description:

ftp has a restricted port option. fetch and its friends should do
likewise.


>How-To-Repeat:

>Fix:
	

--- src/lib/ftpio/ftpio.c.orig	Sat Apr 11 00:28:53 1998
+++ src/lib/ftpio/ftpio.c	Sat Mar 13 20:32:10 1999
@@ -809,7 +809,16 @@
 	*fp = fdopen(s, mode);
     }
     else {
-	int fd;
+	int fd,portrange;
+
+#ifdef IP_PORTRANGE
+	portrange = IP_PORTRANGE_HIGH;
+	if (setsockopt(s, IPPROTO_IP, IP_PORTRANGE, (char *)
+	    &portrange, sizeof(portrange)) < 0) {
+	    close(s);	
+	    return FAILURE;
+	};
+#endif
 
 	i = sizeof sin;
 	getsockname(ftp->fd_ctrl, (struct sockaddr *)&sin, &i);

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message