 | ||
 FTP and problems with Newline characters | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2005-08-13 | |||
| |||
 FTP and problems with Newline characters FTP and problems with Newline characters Some FTP implementations send a PORT command in one packet and the newline character in another. By default, VPN-1/FireWall-1 assumes the PORT command and the newline will appear in the same packet. To enable checking for this, edit $FWDIR/lib/base.def on the management console as follows and reinstall the security policy. 1) (Previous versions of the base.def file indicated that this step was necessary) Comment out the first #define FTPPORT statement, i.e. change #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)to // #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) 2) Uncomment the second #define FTPPORT statement, i.e., change // Use this if you do not want the FW-1 module to insist on a// newline at the end of the PORT command:// #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)to // Use this if you do not want the FW-1 module to insist on a// newline at the end of the PORT command:#define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) Some other sites do not send out a proper newline at all. To resolve this, comment out the following line in $FWDIR/lib/base.def on the management console (i.e., add // at the beginning of the line) and reinstall the policy. #define FTP_ENFORCE_NL -- AlexTasker - 02 Jun 2004 FAQForm FAQs.Class: ServicesFAQs FAQs.OS: FAQs.Version:  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
