From patchwork Sun Nov 7 06:40:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 2063 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id yFg1BOkTiGEGKgAAIUCqbw (envelope-from ) for ; Sun, 07 Nov 2021 12:59:05 -0500 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id sIIFBOkTiGGrAQAAalYnBA (envelope-from ) for ; Sun, 07 Nov 2021 12:59:05 -0500 Received: from smtp20.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net with LMTPS id MGhGDdcTiGFiXgAAgKDEHA (envelope-from ) for ; Sun, 07 Nov 2021 12:58:47 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp20.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=lichtenheld.com X-Suspicious-Flag: YES X-Classification-ID: 6503480a-3ff4-11ec-940d-bc305bf03180-1-1 Received: from [216.105.38.7] ([216.105.38.7:44384] helo=lists.sourceforge.net) by smtp20.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id A1/57-14176-8E318816; Sun, 07 Nov 2021 12:59:04 -0500 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1mjmQb-0002xf-SR; Sun, 07 Nov 2021 17:58:01 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mjmQa-0002xU-7t for openvpn-devel@lists.sourceforge.net; Sun, 07 Nov 2021 17:58:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Wy45r597lr/OgHNF00Yp+PsJVDNFMxYX+R7YW0igVa0=; b=AAls5K7rH4hYAKX6Bpf4qpDBmT yjFoSO1rwKrNk+mFZF5MTSZFLElk0m6cOAZ+JxlIRBoQm5NWm6YElCZskCvDB81VkmsdBZ7r3zmQC iga4zCJvJWnfJowquieoGOL2q3Ml1jy5l7uja4EM6YoyTkVSIZE+wHPQs4u1LUtS6mJs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=Wy45r597lr/OgHNF00Yp+PsJVDNFMxYX+R7YW0igVa0=; b=Y 1keJMizxKe4U5CCpu/gPfwlLpINARtE1bi5ZSeSz0kLzUCemT6xylHk82cjnnoWtdhHEfq/1bwAar ZaDLm9R966jhoAryKWdMecFu3HiVw5thNwE4NvNbIIMM/E4UyYoT3nJ/BBR6e9g++aMtCMYwpdoPV XwsvlaqHSdOEuOjM=; Received: from mout-p-102.mailbox.org ([80.241.56.152]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mjmQY-005FGq-89 for openvpn-devel@lists.sourceforge.net; Sun, 07 Nov 2021 17:58:00 +0000 Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:105:465:1:1:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4HnM2g3wKDzQjXy; Sun, 7 Nov 2021 18:40:11 +0100 (CET) From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Sun, 7 Nov 2021 18:40:00 +0100 Message-Id: <20211107174000.16210-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: EDAC6188C X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Adrian The man page says: [!] -s, --source address[/mask][, ...] Signed-off-by: Frank Lichtenheld --- sample/sample-config-files/firewall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Content analysis details: (-0.7 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: firewall.sh] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [80.241.56.152 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.152 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mjmQY-005FGq-89 Subject: [Openvpn-devel] [PATCH] Fix error in example firewall.sh script X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Adrian Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Adrian The man page says: [!] -s, --source address[/mask][,...] Signed-off-by: Frank Lichtenheld Acked-By: David Sommerseth --- sample/sample-config-files/firewall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) As part of an initative to clean up the Github PR submissions, submitting this patch to the mailing list for inclusion. Looks obviously correct to me. diff --git a/sample/sample-config-files/firewall.sh b/sample/sample-config-files/firewall.sh index 19d75ee9..456700ca 100755 --- a/sample/sample-config-files/firewall.sh +++ b/sample/sample-config-files/firewall.sh @@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP # Check source address validity on packets going out to internet -iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP +iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP # Allow local loopback iptables -A INPUT -s $LOOP -j ACCEPT