summaryrefslogtreecommitdiff
path: root/libexec/ftp-proxy
AgeCommit message (Collapse)Author
2003-01-31typos;Jason McIntyre
eeprom(8): added .Ar to fields, removed references to sun3 sshd(8): help and ok markus@ help and ok millert@
2003-01-26Removing leading spaces can result in a failure with multiline commands. Ok ↵Damien Couderc
millert.
2003-01-23Honour TCP_WRAPPERS mk.conf setting; ok millert@Damien Miller
2002-12-21better example rules from David Krause, Thanks!Henning Brauer
ok dhartmei@
2002-12-19various tweaks. someone mailed in a huge diff that was so wrong in soTheo de Raadt
many ways, and i wasted 2 hours finding the gems in it...
2002-12-19accidental commitTheo de Raadt
2002-12-19missing .PpTheo de Raadt
2002-12-01typo; David KrauseHenning Brauer
2002-11-27I fucked up. The manpage was correct before my last commit.Henning Brauer
noticed by Daniel. To unconfuse it a bit, add a little clarification. ok dhartmei@
2002-11-27corrections and clarifications from Han Boetes <han at mijncomputer dot nl>Henning Brauer
Thanks!
2002-10-11Add 'proto tcp' to example rdr rule, it's required now.Daniel Hartmeier
Found by grange@efnet.
2002-10-04use port 8021 in examplesHenning Brauer
inspired by a PR from rjmooney@aboveground.cx ok deraadt@
2002-10-04improvements; rjmooney@aboveground.cxTheo de Raadt
2002-07-24spacesTheo de Raadt
2002-07-24clean up docs a bitTheo de Raadt
2002-07-07typos/grammar/better wordsJan-Uwe Finck
in comments.
2002-07-03KNFTheo de Raadt
2002-06-17nat.conf(5) no longer exist, reference to pf.conf(5) insteadPeter Valchev
2002-06-16Some nat.conf(5) -> pf.conf(5) changes.Miod Vallat
Some nat.conf(5) references remain in the text, since it looks better than .Pa /etc/nat.conf and there is still a softlink.
2002-06-09no newlines in syslogBob Beck
2002-06-08add example using per-user pf rules to allow backchannel connectionsBob Beck
to the proxy.
2002-05-23KNF during an audit; found an improperly initialized sockaddrTheo de Raadt
2002-05-19 o End a sentence with a period, not a comma; Hans-Joerg HoexerTodd C. Miller
o Start all sentences on a new line (me)
2002-03-27We need ftp-proxy only on loopback.Mike Pechkin
todd@, beck@ ok
2002-03-12Pass full length to strlcat(). From Brian Poole.Daniel Hartmeier
2002-02-15Fix memory leak in get_proxy_env().Mike Pechkin
deraadt@ ok
2002-02-01missing periodJun-ichiro itojun Hagino
2002-01-10print proper host name for the proxy's peer; bob okMichael Shalayeff
2001-12-14RFC 959 wasn't clear about what happens around a PASV reply, and inBob Beck
fact RFC 1123 does say that it may not contain parenthesis, and you just have to look at the end of the line. Tholo managed to find a TOPS20 ftp server (toad.xkl.com) that doesn't put parens around the reply - This fixes it so it will handle either case.
2001-12-07kill more registers;Mike Pechkin
millert@ ok
2001-12-06comment typo, and $OpenBSD$ (thanks pval)Bob Beck
2001-12-06Fix realloc in getline so we exit on failure - in this context it's sillyBob Beck
to try to continue and hold on to the same memory if we can't get memory to hold a control command. log and fail instead. (absurdity spotted by theo)
2001-12-06use .Nm moreTheo de Raadt
2001-12-06don't use "you" in a man page.Bob Beck
2001-12-06*** empty log message ***Bob Beck
2001-12-05typoDaniel Hartmeier
2001-12-05Explain that filter rules need to let pass connections to the proxy portsDaniel Hartmeier
in, why this is so, and how it's done.
2001-12-03Ignore leading whitespace in commands. From Frank Denis. Closes PR 2226.Daniel Hartmeier
2001-12-03Remove the last line, pf does support IPv6 now.Daniel Hartmeier
From Dries Schellekens. Closes PR 2221.
2001-10-10 fix multi-line contunuations - ok deraadt@Bob Beck
2001-09-21 Drop privs to named group, not group with same name as user.Bob Beck
noticed by itojun, thanks. fries, you need to catch this for what you're using with faithd
2001-09-15IPv6 support from Ryan McBride (mcbride@countersiege.com)Mike Frantzen
2001-09-05-Make ftp-proxy drop privs to user "proxy" by default.Bob Beck
*WARNING* this means that it will die when it can't find user proxy if you are not running with a passwd database generated from current - Speling cleanup and missing va_end() noticed by <d.doroshenko@omnitel.net> - fix logging of getpwnam|getgrnam failures.
2001-09-05s/pf_natlook/pfioc_natlook (ioctl parameter struct)Daniel Hartmeier
2001-08-28remove unneeded code (this is done later)Bob Beck
2001-08-28oh, some cleanups etc etcTheo de Raadt
2001-08-22oopsBob Beck
2001-08-22Fixes for my worst abuses of nroff from mpech@Bob Beck
Add a sentence at the start for espie in dumb user mode :)
2001-08-22Duh.Bob Beck
2001-08-22-Functionify some of the main loop, so it isn't so horrificly deep and isBob Beck
a bit easier to look at, for small values of easier. -Add two options for -u user and -g group to optionally make the proxy drop privs after doing it's pf ioctl's to find out where to go. Running as non root does mean that the PORT and EPRT backchannels do not come from port 20, but this isn't a problem for most sensible ftp clients and sets of packet filter rules that aren't written by a knuckle dragging ape living in the 90's. I would make it drop privs by default, but technically this breaks the ftp specs, and for the upcoming stuff to deal with EPRT, we will need root privs to manipulate rdr rules).