
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster novirtual
#n# ftpactv
#t# servers
#
#   |--------------------------------------------------------------------|
#d# When you connect to a remote server and initiate an active (default) 
#d# FTP transfer, the remote server will connect to a high port from it's
#d# data port (20). Unless absolutely necessary, do not use "any/0". Some
#d# security issues have been raised when allowing outgoing connections to
#d# port 21 (used by FTP to login).  Using "any/0" also leaves you open to
#d# port scanning if the source port is 20.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

for host in `Option_Value accept $INTOPT ftpactv servers`
do
	echo "Accept $INTOPT $IPADDR FTP Actv -> $host FTP $LOG_MSG"
	if [ "$CLUSTER_NAME" ]
	then
		ipchains -A $OUTCHAIN -j ACCEPT -p tcp      -s $host ftp-data       -d $IPADDR $UNPRIVPORTS $LOG
		ipchains -A $INCHAIN  -j ACCEPT -p tcp ! -y -s $IPADDR $UNPRIVPORTS -d $host ftp-data       $LOG
	else
		ipchains -A $INCHAIN  -j ACCEPT -p tcp      -s $host ftp-data       -d $IPADDR $UNPRIVPORTS $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y -s $IPADDR $UNPRIVPORTS -d $host ftp-data       $LOG
	fi
done
unset host

