Diffstat (limited to 'security/knock/files/patch-doc__knockd.1.in')
-rw-r--r-- | security/knock/files/patch-doc__knockd.1.in | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/security/knock/files/patch-doc__knockd.1.in b/security/knock/files/patch-doc__knockd.1.in
new file mode 100644
index 000000000000..09a23f5d0056
--- /dev/null
+++ b/security/knock/files/patch-doc__knockd.1.in
@@ -0,0 +1,58 @@
+--- ./doc/knockd.1.in.orig 2005-06-29 20:45:17.000000000 +0200
++++ ./doc/knockd.1.in 2011-08-17 13:29:55.000000000 +0200
+@@ -60,13 +60,13 @@
+ sequence = 7000,8000,9000
+ seq_timeout = 10
+ tcpflags = syn
+- command = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT
++ command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT
+ 
+ [closeSSH]
+ sequence = 9000,8000,7000
+ seq_timeout = 10
+ tcpflags = syn
+- command = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT
++ command = /usr/sbin/iptables -D INPUT -s %IP% --dport 22 -j ACCEPT
+ 
+ .fi
+ .RE
+@@ -115,7 +115,7 @@
+ start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
+ cmd_timeout = 5
+ stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 25 -j ACCEPT
+- 
++
+ .fi
+ .RE
+ .SH CONFIGURATION: GLOBAL DIRECTIVES
+@@ -132,7 +132,7 @@
+ .TP
+ .B "Interface = <interface_name>"
+ Network interface to listen on. Only its name has to be given, not the path to
+-the device (eg, "eth0" and not "/dev/eth0"). Default: eth0.
++the device (eg, "fxp0" and not "/dev/fxp0"). Default: fxp0.
+ .SH CONFIGURATION: KNOCK/EVENT DIRECTIVES
+ .TP
+ .B "Sequence = <port1>[:<tcp|udp>][,<port2>[:<tcp|udp>] ...]"
+@@ -158,7 +158,7 @@
+ \fBNote\fP: Do not edit the file while knockd is running!
+ .TP
+ .B "Seq_Timeout = <timeout>"
+-Time to wait for a sequence to complete in seconds. If the time elapses
++Time to wait (in seconds) for a sequence to complete in seconds. If the time elapses
+ before the knock is complete, it is discarded.
+ .TP
+ .B "TCPFlags = fin|syn|rst|psh|ack|urg"
+@@ -183,10 +183,10 @@
+ directive is optional, only required if \fBStop_Command\fP is used.
+ .TP
+ .B "Stop_Command = <command>"
+-Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed 
++Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed
+ since \fBStart_Command\fP has been executed. 
All instances of \fB%IP%\fP will
+ be replaced with the knocker's IP address. This directive is optional.
+-.SH SECURITY NOTES 
++.SH SECURITY NOTES
+ Using the \fB-l\fP or \fB--lookup\fP commandline option to resolve DNS names
+ for log entries may be a security risk! An attacker may find out the first port
+ of a sequence if he can monitor the DNS traffic of the host running knockd. |
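Review bot: The rewritten [closeSSH] and preceding example commands, `+ command = /usr/sbin/iptables -A INPUT -s %IP% --dport 22 -j ACCEPT` and the matching `-D` line, add `--dport 22` without a protocol match, and iptables only accepts `--dport` once `-p tcp` or `-p udp` has been given, so a user pasting the example gets a usage error rather than a rule scoped to port 22. The start_command/stop_command example a few lines below in the same hunk already has the correct form, `-p tcp --dport 25`; the two new lines should read `command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT` and `command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT`. Since the same hunk changes the default interface to fxp0, which suggests a BSD target, it is worth confirming that /usr/sbin/iptables is the right firewall tool to document here at all. Separately, the new Seq_Timeout sentence `Time to wait (in seconds) for a sequence to complete in seconds.` says "in seconds" twice; drop the trailing phrase.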