
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-10-20  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Moved 'ftp-data' rules above 'ftp'.
# 2000-10-14  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# ftpactv
#t# clients
#
#   |--------------------------------------------------------------------|
#d# Accept active FTP connections from these clients.
#d#
#d# FTP servers can generally be configured (internally or by using tcp 
#d# wrappers) to accept connections from specific hosts. You should take
#d# advantage of this added security when possible.
#d#
#d# Using "any/0" here is perfectly ok, so long as you control host access
#d# using your FTP server (deny all and allow only specific hosts to 
#d# connect).
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Append the ACCEPT rules for active-mode FTP, once for every client that
# Option_Value returns for the 'ftpactv clients' option. Every rule is
# restricted to the client address/$UNPRIVPORTS on one side and to $IPADDR
# with the ftp or ftp-data port on the other.
#
# '! -y' matches TCP packets that are not connection requests, so it marks
# the side that may only answer. ipchains keeps no connection state: those
# rules accept any non-SYN packet with matching addresses and ports, whether
# or not it belongs to a session that was actually opened.
#
# NOTE(review): $LOG presumably expands to a logging option or to nothing,
# which would be why the expansions are left unquoted -- confirm before
# quoting any of them.
for host in $(Option_Value accept $INTOPT ftpactv clients); do
	echo "Accept $INTOPT $IPADDR FTP <- $host FTP Actv $LOG_MSG"

	# Control channel (ftp): the client may open the connection; the local
	# ftp port may only send non-SYN packets back.
	ipchains -A $INCHAIN -j ACCEPT -p tcp \
		-s $host $UNPRIVPORTS -d $IPADDR ftp $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y \
		-s $IPADDR ftp -d $host $UNPRIVPORTS $LOG

	# Data channel (ftp-data): the direction is reversed. The local
	# ftp-data port may open connections to any port in $UNPRIVPORTS on
	# the client, and the client may only send non-SYN packets back.
	ipchains -A $INCHAIN -j ACCEPT -p tcp ! -y \
		-s $host $UNPRIVPORTS -d $IPADDR ftp-data $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp \
		-s $IPADDR ftp-data -d $host $UNPRIVPORTS $LOG
done
# Drop the loop variable once the rules have been added.
unset host

