Hi Scott, hi Bill!

On Tuesday, 03.10.2006, at 10:05 -0400, Scott Ullrich wrote:

> With the afterfilterchangeshellcmd command.  It is run every time a
> filter change occurs as the last item.  So you can override *ANYTHING*
> the system does including launching your own scripts or launching a
> custom ftpsesame process.
No, as I told you already, the system_start_ftp_helpers() is launched
_after_ filter_configure_sync in /etc/rc.bootup. And ftpsesame is killed
by "killall" in system_start_ftp_helpers() after being started in
filter_configure_sync :-( So, you can see, that the
afterfilterchangeshellcmd command isn't any solution for that problem.
When I'm posting lines of source code, you can believe me that I have
bravely taken a look at it ;-)

OK, I'll write my own code, since I'm experienced enough. I wanted a
clean solution for all users, but that's apparently not the goal here.
People will further cry at the forum that ftp isn't working. I do know
the reason why and now you know too.

> I cannot think of any way to cleanly solve this problem.   In addition
> the entire FTP situation has me a little burned out at this point.  I
> just want to get 1.0 out the door, relax a bit then revisit the
> problem for a future version.
Yes FTP is a shame. But it's used in many places and the solution isn't
to tell people not to use it (though I'm of the same opinion as Bill is,
don't use "bad" protocols over a FW). And think of the other bad
designed - i case of firewalls - protocols like SIP, PPTP, many
meeting/colaboration protocols ... 

BTW: I do love the way the netfilter connection tracking modules in
linux are solving that problem and don't know any reason why that code
isn't adapted by the pf devs. There must be some reason for not using
such an API. I'll have to search why. Maybe you can give me a link.

> However, don't let me distract you from trying.  If you can figure out
> a solution I am all ears.
I'll try to find one that will fit 99.999% of all users. Point 3) isn't
solved and I do not know how, but give me some time.

BR, PIT


---------------------------------------------------------------------------
 copyleft(c) by |           This code passes Torvalds test grades 0, 1 and
 Peter Allgeyer |   _-_     2 (it looks ok, it compiles and it booted).
                | 0(o_o)0   -- Alan Cox
---------------oOO--(_)--OOo-----------------------------------------------

