Proftpd Install Issue On Cent Os 5

Feb 22, 2008

I have been attempting to install Proftpd on Linux (Cent OS 5, 32 bit). The issue is I have to use proftpd; I can't use vsftp or pure ftp. I have downloaded the RPM. I downloaded this one to the server [url], and I ran the command rpm -ivh proftpd* and it did its thing for a second and told me it was done. But when I run the command /etc/init.d/proftpd start or restart, it doesn't want to start. It just tells me failed. Can anyone help me with this? I'm not sure what else I can do.

Plesk 11.x / Linux :: ProFTPD Not Working On Fresh Ubuntu 12.04 LTS Install

May 10, 2014

I had a HDD crash recently on my Root Server. Replaced HDDs, installed Ubuntu 12.04 LTS, since Ubuntu 14.04 LTS is not supported by Plesk yet. Anyway...

I had 2 issues:

1) Could not create Customers, because IP Pool was empty. Changed IP Type from Dedicated to Shared. Fixed issue.
2) Cannot connect to the FTP Server using the Login Data from one of my Domains.

FlashFXP and FileZilla both show the same error, which is:

Code:
Response:220 ProFTPD 1.3.4c Server (ProFTPD) [*ip removed*]
Command:USER *user removed*
Response:331 Password required for *user removed*
Command:PASS **************
Response:530 Login incorrect.
Error:Critical error
Error:Could not connect to server

Upgrading From Cent Os 4.7 To Cent Os 5.2

Nov 28, 2008

Is there any sense in upgrading to Cent OS 5? I mean, is there any critical benefit which will increase server performance if I do that? I noticed I can upgrade over ssh, but since that will generate downtime I wonder whether there is any sense in doing that.

Cent OS

Apr 23, 2007

I have a server in our office which is used as a share drive. We put all accounting docs on it, etc. After 6 or so, it will lose all connectivity completely. Yet the server still stays on. We installed everything in all packages on the server, including its graphical interface. We haven't mucked with any of the power savings, so what could it be? Also, there is nothing plugged into it, e.g. screen, keyboard and mouse. All that is connected is the power cable and the ethernet cable. That is it.

It is directly connected to a belkin wireless router

Ubuntu Vs Cent Os

Jul 18, 2009

Which operating system do you mostly use on your server? Right now I have only CentOS installations, but it seems Ubuntu has a larger file repository with its apt system compared to yum.

Should I Upgrade To Cent Os 5

Sep 19, 2007

Would anyone recommend upgrading to CentOS 5? Anyone with any experience in it, and would you recommend it?

Cent Os And Graphics Mod

Jul 19, 2007

I want to know: does CentOS have a mystery Windows graphics mod?

I want to remote to my server.

Is There Any Free Firewalls Available For Cent OS ?

Jan 8, 2008

Are there any free firewalls available for CentOS 32 bit?

I heard of APF Firewall. Is APF Firewall free?

Does APF Firewall have enough security?

Will it slow down my server?

(p4 -D 3GHz / 1GB Ram)

How Does Cent Os Pick Mirror?

Nov 5, 2009

I noticed with every new Cent OS server there are different mirrors for Cent OS repos. Since the repo file is the same on each Cent OS, how does it pick which mirror to use? I ask because the latest server has picked one extremely slow edu mirror which is not just slow, it also times out, and it may extend an update to 2 hours instead of the 5 minutes it usually takes. So how do I change the base mirror in the base Cent OS repo?

Cent Os 5 Or 5.3 And Will Kloxo Work With 5.3

Jun 24, 2009

Cent OS 5 or 5.3 - which is preferred?

And will kloxo work on Cent OS 5.3 64bit?

Or at least 32 bit?

How To Check Which Version Of Cent Os Is Used

Jun 28, 2009

How to check which version of Cent OS is used?

My friend ordered a VPS with a host. He ordered 5.3 - 32bit, but somehow I feel he has been provided with the 5.0 version by the host. I didn't know how to confirm it. When I checked his hypervm, these were the Cent OS details provided:

Ostemplate: centos-5-i386-hostinabox576

There is a rebuild option in the hypervm, and when I look in that, it shows the following:
[url]

What my friend exactly needs is a Cent OS 5.3 - 32bit system, so if he selects cent os 5.3-ix386 (full), will it install with Cent OS 5.3? He doesn't want kloxo to be in there auto; he/I can install that.

The FreeBSD Vs. Cent OS Debate

Feb 25, 2008

I am about to buy a server to lease... and I was wondering FreeBSD or Cent OS?

I wanted to go with FreeBSD because it is known for the best uptime; but, are there drawbacks?

EMail Relaying With CPanel/WHM Cent OS

Jun 2, 2009

I have a server at The Planet that runs Cent OS with cPanel/WHM. It is using Exim as the mail transport.

I am having a problem with gmail.com accounts relaying mail through my server.

I would like to have only domains that I host be allowed to send mail through my server. How can I accomplish this?

ProFTPd

Oct 12, 2009

I am running Proftpd on my RedHat. I have disabled anonymous login because I don't need it, and it's running fine.

I have created a user named test on the server and I try to connect to it by typing ftp://myserver/ and then providing the ID and password.

Now it logged in successfully but can't access any directories on the server. I have been Googling around but am really getting confused about how to properly create an FTP user.

I want the test user to access the following directories and be able to upload and download files from these directories:

/home/usman/public_html/
/home/usman/public_ftp/
/home/usman/cgi-bin/

ProFTPd

Jul 13, 2007

This isn't a major problem but I was just wondering something regarding how ProFTPd functions. I have received a complaint about a user uploading a script, the script creating files and directories, and the user not being able to CHMOD, delete, rename, or do anything to these files.

When files are created through scripts on my server, they are given a default owner permission with "www-data" for the user and group.

Since ProFTPd is set up to only modify files on certain owner permissions according to the user's FTP access, ProFTPd will not allow any other owner permission, and if any other owner permissions exist, ProFTPd will not allow those files to be modified or changed in any way.

Is there a way to fix this? I've been trying to figure it out but I can't.

Just for note, I am using proftpd-mysql and so every user is linked through a MySQL database.

Proftpd

Mar 3, 2007

When connecting via an ftp client I want the directory listed to be /var/www/html but currently it's /home/username. I've tried changing the initial login directory with webmin to /var/www/html but to no avail. How would this be done?

ProFTPD Security

May 21, 2008

I use ProFTPD as FTP.

I use webmin as admin panel.

After installation, I'm worried about the default security config.

Also, I can log in as anonymous, which is OK; however, I can't log in using my unix user. What do I have to do?

Here's my config sample:

Quote:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "Junky-Monkey"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

ProFTPD And Webmin

Jul 17, 2007

I am trying to set up the FTP on my VPS. I am using the webmin control panel and the OS is CentOS 4.

I have created a user called mic and made the home dir of the user /var/www/, then placed the user in the group ftpusers.

I then went into the proFTPD server config bit of webadmin and set the user and group. I then tried to log in to the FTP. SUCCESS.

BUT... when I tried to upload something it gave me permission denied, and when I try to delete something, access denied.

What did I do wrong?

Proftpd And Plesk

Mar 22, 2007

I would like to set up proftpd with mod_sql to access a MySQL database for FTP accounts instead of using PAM. The server has Plesk 8.1 installed with psa-proftpd-xinetd-1.3.0 installed. How do I recompile the psa-proftpd with the --with-modules=mod_sql option? Here is the current proftpd configure command:

configure --localstatedir=/var/run --with-libraries=/usr/lib64 --sysconfdir=/etc --with-modules=mod_ratio:mod_readme:mod_quota --with-modules=mod_ratio:mod_readme:mod_quota:mod_tls --enable-buffer-size=8192 --prefix=/usr CC=gcc CFLAGS=-O -pipe -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/usr/include/libxml2 -I/home/builder/buildbot/psa-aiconfig-810-fc4x64/build/plesk/lib/dist/usr/include -I/usr/include CXXFLAGS=-O -pipe -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/usr/include/libxml2 -I/home/builder/buildbot/psa-aiconfig-810-fc4x64/build/plesk/lib/dist/usr/include -I/usr/include CXX=g++ LDFLAGS= --enable-ltdl-convenience --no-create --no-recursion

Proftpd RLimitCPU

Jan 31, 2007

Has anyone used this directive?

How did you decide on a decent value to set the limits at?

Ideally I'd just like to stop processes taking up too much CPU, but it seems you can't set it as a %.

Mysql_mod Missing For ProFTPD

Jul 18, 2007

Trying to install ProFTPD with MySQL. The problem is that after installing it and adding the lines in the config file to use MySQL, the service fails to start. The error I'm getting is:

"unknown configuration directive 'SQLAuthTypes'"

So it seems like it doesn't recognize the function needed to use MySQL with proftpd, which is in mysql_mod.c. I did proftpd -l and mysql_mod.c was not listed. I did a search on the whole box and couldn't find mysql_mod anywhere. I'm on Fedora Core 6 and tried to install proftpd with yum:

yum install proftpd proftpd-mysql

Do I have to compile from source to get this to work? Or did I miss installing something else that would have mysql_mod.c present? I currently have MySQL installed and running, tested the login info I had in the config file, and everything works on the MySQL side.

Proftpd :: Set Up Virtual Hosts

Jun 8, 2009

What I want to do is set up virtualhosts for my clients and set the user/group that their files upload as. I've been on Google and I'm guessing I'll need to set up mod_auth?

ProFTPd :: Set Group And Permissions

Nov 15, 2008

Currently I have

Umask 027

The problem is, how do I get the group to be set as apache on a file/dir upload? I really do not like having other permissions set, as it can be a security risk, allowing others to access someone else's files.

Another issue is, I can't remove privileges, but I can add them.

copy of proftpd.conf:

Code:
ServerName "FTP"
ServerType standalone

Port 21
PassivePorts 35000 35999
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600

#MaxCients 20 "Sorry, the maximum number of allowed users are already connected (%m)"
#MaxClientsPerHost 2
#MaxClientsPerUser 2
MaxConnectionsPerHost 6 "Sorry, you may not have more then 6 connections open at a time"
MaxHostsPerUser 6 "Sorry, you may not connect more than 6 times"

ScoreboardFile /var/run/proftpd/proftpd.pid

TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/IP.bytes WRITE,READ userlog

AuthUserFile /etc/proftpd.passwd
DefaultServer on

#AuthPAM off

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off

#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
</IfModule>

<Global>
DeferWelcome on

RequireValidShell no

DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp

User ftp
Group ftp
#UserAlias anonymous ftp

AllowStoreRestart on
AllowRetrieveRestart on

ListOptions -a

Umask 027 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite on
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth

#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default

</Global>

Include /etc/proftpd.vhosts.conf

ProFTPd To Windows Over SAMBA

Mar 14, 2008

We've got a Linux box running ProFTPd that reaches a Windows box over SAMBA. This works very well, but when the client has a great number of files, the Windows-based FTP clients they use don't always give accurate directory listings (if any at all). I know there's some bug in the way SAMBA works with Windows File Sharing, but I don't know what the magic file number is that, when reached, prevents a proper directory listing. Does anyone know what this magic number is or if there's an available, tested fix for this?

Proftpd Fail On Start

Oct 6, 2007

I wanted to upgrade proftpd and did this.

I followed a how-to on directadminforums:

Code:
cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source....3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf
/etc/rc.d/init.d/proftpd restart

I changed the proftpd-1.3.1rc2 version to the newest version of proftpd.org.

When I run /etc/init.d/proftpd start, I get the following:

Code:
Starting proftpd: - mod_tls/2.1.2: compiled using OpenSSL version 'OpenSSL 0.9.7k 05 Sep 2006' headers, but linked to OpenSSL version 'OpenSSL 0.9.7a Feb 19 2003' library
- Fatal: unable to load module 'mod_tls.c': Operation not permitted
[FAILED]

OpenSSL - CURL, Httpd And Proftpd

Apr 14, 2009

So I got OpenSSL 0.9.8k up and installed, no issues:

Quote:

# openssl
OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009
OpenSSL>

Rebuilt cURL (and then php), httpd and proftpd but all of them are still linking to the older libraries for some reason

Quote:

# curl -V
curl 7.19.4 (x86_64-unknown-linux-gnu) libcurl/7.19.4 OpenSSL/0.9.8g zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http https ftps
Features: IPv6 Largefile NTLM SSL libz

Quote:

[Tue Apr 14 00:11:03 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g DAV/2 PHP/5.2.9 Apache configured -- resuming normal operations

Quote:

Starting proftpd: - mod_tls/2.2.1: compiled using OpenSSL version 'OpenSSL 0.9.8i 15 Sep 2008' headers, but linked to OpenSSL version 'OpenSSL 0.9.8g 19 Oct 2007' library

proftpd has its own set of issues, obviously built with i headers and linked to g headers. Any ideas wtf I did? I recompiled and restarted everything. I removed the g and i libraries completely. OpenSSH seems happy and nothing is actually "wrong", the server is working fine, but I'm really anal retentive this way... it's kinda how I feel "safer" at the OS level.

ProFTPd - Login Via SFTP Only? Using Webmin

Nov 15, 2008

I have installed ProFTPd through Webmin onto Ubuntu 8.10 Server edition.

I can connect to ProFTPd via FTP on Port 21 no problem, but currently am unable to via SFTP (using WinSCP).

I would like to block all FTP access on Port 21 and make it possible to connect only via SFTP/SSH on Port 22.

High Load With Many Proftpd Processes

Oct 25, 2007

I have a centos 4.4 server, I noticed the load is high and when I checked the top command I found the following:

Code:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
17212 root 25 0 11504 6236 908 R 57 0.3 195:58.73 http
27994 ftp 18 0 7624 2232 336 R 48 0.1 0:02.39 proftpd
7056 nobody 15 0 27764 10m 1884 S 8 0.5 0:00.62 httpd
4738 nobody 15 0 25788 8952 1976 S 7 0.4 0:08.01 httpd
7199 root 18 0 6376 3704 760 R 6 0.2 0:02.41 top
7021 nobody 16 0 27240 10m 1964 S 5 0.5 0:01.73 httpd
3999 nobody 16 0 26888 9.9m 2008 S 5 0.5 0:09.39 httpd
7180 nobody 15 0 26524 9524 1700 S 5 0.5 0:00.16 httpd
6330 nobody 15 0 26856 9.8m 1992 S 4 0.5 0:04.34 httpd
6272 nobody 15 0 26764 9912 1968 S 2 0.5 0:05.36 httpd
6239 nobody 15 0 25428 8476 1888 S 1 0.4 0:02.95 httpd
1 root 16 0 2300 96 68 S 0 0.0 4:46.28 init
20323 ftp 16 0 5116 428 312 S 0 0.0 0:00.92 proftpd
22126 ftp 16 0 5512 428 312 S 0 0.0 0:01.03 proftpd
22313 ftp 16 0 5644 424 312 S 0 0.0 0:01.00 proftpd
22781 ftp 16 0 5644 460 304 S 0 0.0 0:01.04 proftpd
22837 ftp 16 0 5644 424 312 S 0 0.0 0:01.02 proftpd
24157 ftp 16 0 5776 432 308 S 0 0.0 0:01.09 proftpd
24176 ftp 16 0 5776 432 308 S 0 0.0 0:01.09 proftpd
24989 ftp 16 0 6040 476 316 S 0 0.0 0:00.91 proftpd
25327 ftp 16 0 6172 548 308 R 0 0.0 0:01.02 proftpd
25526 ftp 16 0 6172 808 308 R 0 0.0 0:01.03 proftpd
26013 ftp 16 0 6172 1128 308 R 0 0.1 0:00.98 proftpd
26152 ftp 16 0 6172 1144 312 R 0 0.1 0:01.00 proftpd
26306 ftp 16 0 6172 1172 308 R 0 0.1 0:01.02 proftpd
26455 ftp 16 0 6172 1420 312 S 0 0.1 0:04.02 proftpd
26860 ftp 16 0 6172 928 308 S 0 0.0 0:01.04 proftpd
26936 ftp 16 0 6172 928 308 S 0 0.0 0:00.91 proftpd
27166 ftp 16 0 6172 800 308 S 0 0.0 0:00.96 proftpd
27329 ftp 16 0 6172 716 308 S 0 0.0 0:01.01 proftpd
15659 ftp 16 0 6172 592 308 S 0 0.0 0:00.99 proftpd
4944 ftp 16 0 6172 544 336 S 0 0.0 0:00.98 proftpd
5163 ftp 16 0 6304 544 336 S 0 0.0 0:00.99 proftpd
18964 ftp 16 0 6304 608 308 S 0 0.0 0:00.96 proftpd
19151 ftp 16 0 6304 620 328 S 0 0.0 0:00.99 proftpd
4986 ftp 16 0 6304 596 308 S 0 0.0 0:00.87 proftpd
30721 ftp 16 0 6436 612 312 S 0 0.0 0:00.94 proftpd
13808 ftp 16 0 6436 644 316 S 0 0.0 0:01.01 proftpd
13905 ftp 16 0 6436 640 316 S 0 0.0 0:00.97 proftpd

also when I checked the `ps aux` command I found a lot in this form:

Code:
ftp 22006 0.0 0.0 5512 424 ? S 01:24 0:01 proftpd: (accepting connections)

Debian + Plesk + Proftpd Fails

Aug 2, 2007

My Plesk version is 8.2 and I use Debian 3.1. I checked the instructions on

[url]

this FAQ; it seems to be added in both the inetd configuration file and the xinetd.d configuration file in my configuration. Also, xinetd is working through the system, but FTP is not connectable. It gives "Unable to login server" from a remote client, and I also checked with a command-line ftp client and the service says "421 Service not available, remote server has closed connection".

I also checked this

[url]

FAQ, and the port is open:

Quote:

Starting nmap 3.81 [url] at 2007-08-02 16:59 CEST
Interesting ports on xx-server.xxxxxx.net (xxx.xxx.xxx.xxx):
PORT STATE SERVICE
21/tcp open ftp

Nmap finished: 1 IP address (1 host up) scanned in 0.013 seconds

Does anyone know how I could solve this situation?

ProFTPD 1.3.0a Server Append/Restart Not Permitted

Jun 8, 2008

I try to upload a big file, between 300 and 500 MB, by FTP to my dedicated server, but the connection is broken, and when I try to resume it's not allowed. How can I enable uploading big files and resuming files in ProFTPD 1.3.0a, or am I missing something in the conf file?

Here is the log: ..........

Proftpd Timeout Connection Attempt Failed

Jan 2, 2007

Currently having a problem with proftpd on my CentOS Plesk 8.1 server.

During large uploads, let's say around 10 MB, the FTP connection fails within 5 minutes or so, saying:

"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."

I have asked for help from my server provider but they have tried and are now unable to help.

I currently have the APF firewall in my server.

Has anyone experienced this?

Below is the APF config file that I currently have and the proftpd config files that I have. If anyone can help, it would be really, really appreciated.

APF CONFIG:

Code:
#!/bin/sh
#
# APF 0.9.6 [apf@r-fx.org]
#
# NOTE: This file should be edited with word/line wrapping off,
# if your using pico please start it with the -w switch
# (e.g: pico -w filename)
#

##
# [Devel Mode]
# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this mode off (0) when firewall determined to be operating as desired.
##

# Set firewall cronjob (devel mode)
# 1 = enabled / 0 = disabled
DEVEL_MODE="0"

##
# [Main]
##

# The installation path of APF; this can be changed but it has not
# been tested what would happen.
INSTALL_PATH="/etc/apf"

# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
# NOTE: The interfacing structure is being worked towards support of MASQ/NAT
IFACE_IN="eth0"
IFACE_OUT="eth0"

# Trusted Network interface(s); all traffic on defined interface(s) will by-pass
# ALL firewall rules, format is white space or comma seperated list.
IFACE_TRUSTED=""

# Enable virtual network subsystem; creats independent policy ruleset for each
# ip on a system (pulls data from 'ip addr list') to /etc/apf/vnet/ip.rules
# Template is located in the vnet/ folder for rule files. This feature can
# reduce apf start/stop performance and is not recommend for systems with more
# than 255 (/24) ip's. [0 = Disabled / 1 = Enabled]
SET_VNET="0"

# Support Monolithic kernel builds [no LKM's]. This mode of operation is
# not really supported and you use at your own risk.
SET_MONOKERN="0"

# Verifies that all inbound traffic is sourced from a defined local gateway MAC
# address. All other traffic that does not match this source MAC address will be
# rejected as untrusted traffic. It is quite trivial to forge a MAC address and as
# such this feature executes NO default accept policy against this MAC address.
VF_LGATE=""

# Verifies that the IF and IFACE_TRUSTED interfaces are actually routed (/sbin/route)
# to something. If not then chances are APF will not start properly if at all.
VF_ROUTE="1"

# Verifies that crond service is running when DEVEL_MODE=1; if not then APF will not
# try to load as if lock-up occures no cron service to flush firewall
VF_CROND="1"

# Verifies that the current system uptime is greater than this value before APF
# can activate. This is to prevent on-boot lockup issues or delays due to excessive
# amount of firewall rules. Value is in seconds; should you wish to disable this
# feature, simply set VF_UTIME to 0 value. !! NOTE: APF WILL NOT START ON IT's OWN;
# IT WILL EXIT WITH FATAL ERROR BELOW SET UPTIME !!
VF_UTIME="0"

##
# [Packet Filtering/Handling]
##

# How to handle TCP packet filtering?
#
# RESET (sends a tcp-reset; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
TCP_STOP="DROP"

# How to handle UDP packet filtering?
#
# RESET (sends a icmp-port-unreachable; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
# PROHIBIT (send an icmp-host-prohibited)
UDP_STOP="DROP"

# How to handle all other packet filtering? (icmp,arp,igmp)
#
# DROP (drop the packet)
# REJECT (reject the packet)
DSTOP="DROP"

# The sanity options control the way packets are scrutinized as
# they flow through the firewall. The main PKT_SANITY option is a
# top level toggle for all SANITY options and provides general
# packet flag sanity as a pre-scrub for the other sanity options
PKT_SANITY="1"

# Block any packets that do not conform as VALID; this feature
# is safe for most but some may experience protocol issues with
# broken remote clients
PKT_SANITY_INV="0"
