diff --git a/net/snortsam/patches/100-iptables-path-fix.patch b/net/snortsam/patches/100-iptables-path-fix.patch
index c8900c60f..971a70609 100644
--- a/net/snortsam/patches/100-iptables-path-fix.patch
+++ b/net/snortsam/patches/100-iptables-path-fix.patch
@@ -30,150 +30,150 @@ diff -ruN snortsam-orig/src/ssp_iptables.c snortsam/src/ssp_iptables.c
 #ifdef FWSAMDEBUG
 @@ -131,14 +131,14 @@
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -148,14 +148,14 @@
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -165,18 +165,18 @@
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
-- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
-- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_INOUT:
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -I FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+- "/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -I FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -I INPUT -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -I INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+- "/sbin/iptables -I INPUT -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -I INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -186,14 +186,14 @@
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
-+ "/usr/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
-+ "/usr/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
++ "/usr/sbin/iptables -I FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
++ "/usr/sbin/iptables -I INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -210,14 +210,14 @@
- { case FWSAM_HOW_IN:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ { case FWSAM_HOW_IN:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -227,14 +227,14 @@
- case FWSAM_HOW_OUT:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_OUT:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -244,18 +244,18 @@
- case FWSAM_HOW_INOUT:
- /* Assemble command - block src*/
- if ((snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
-- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
-+ "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
-- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
-+ "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
- iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_INOUT:
+ /* Assemble command - block src*/
+ if ((snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -D FORWARD -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd)) || (snprintf(iptcmd1,sizeof(iptcmd1)-1,
+- "/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -D FORWARD -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd1))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if ((snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -D INPUT -i %s -s %s -j DROP",
++ "/usr/sbin/iptables -D INPUT -i %s -s %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd2)) || (snprintf(iptcmd4,sizeof(iptcmd4)-1,
+- "/sbin/iptables -D INPUT -i %s -d %s -j DROP",
++ "/usr/sbin/iptables -D INPUT -i %s -d %s -j DROP",
+ iptp->iface, inettoa(bd->blockip)) >= sizeof(iptcmd4))) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);
 @@ -265,14 +265,14 @@
- case FWSAM_HOW_THIS:
- /* Assemble command */
- if (snprintf(iptcmd,sizeof(iptcmd)-1,
-- "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
-+ "/usr/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
- logmessage(1,msg,"iptables",0);
- return;
- }
- if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
-- "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
-+ "/usr/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
- iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
- snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
- logmessage(1,msg,"iptables",0);
+ case FWSAM_HOW_THIS:
+ /* Assemble command */
+ if (snprintf(iptcmd,sizeof(iptcmd)-1,
+- "/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
++ "/usr/sbin/iptables -D FORWARD -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command %s is too long", iptcmd);
+ logmessage(1,msg,"iptables",0);
+ return;
+ }
+ if (snprintf(iptcmd2,sizeof(iptcmd2)-1,
+- "/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
++ "/usr/sbin/iptables -D INPUT -i %s -s %s -d %s -p %d --dport %d -j DROP",
+ iptp->iface, inettoa(bd->blockip), inettoa(bd->peerip), bd->proto, bd->port) >= sizeof(iptcmd)) {
+ snprintf(msg,sizeof(msg)-1,"Error: Command2 %s is too long", iptcmd2);
+ logmessage(1,msg,"iptables",0);