Prevention of outgoing file transfers?
Duncan Grove
duncan.grove at dsto.defence.gov.au
Fri Apr 27 05:20:34 GMT 2007
Hi,
Does anyone know if it is possible to firewall and/or configure rsync
via a web proxy using RSYNC_PROXY to prevent push mode file transfers
yet still allow pull mode? I am aware of Matt McCutchen's helpful
distinction between the direction of an rsync connection and the
direction of file transfer at
http://lists.samba.org/archive/rsync/2006-May/015595.html, but I am
after something slightly more restrictive. In addition to disallowing
incoming rsync *connections* (which is easy) I would also like to
disallow outgoing *file transfers* started from outgoing connections.
Shamelessly stealing Matt's great ascii art I would like to allow this:

PULL: intranet$ rsync -a internet:dir/ dir/

            Firewall allows connection
                      |   \
           ====================\
Intranet   <- <- <- <- <-       \  Internet
(client)   <- <- <- <-          /  (server)
(receiver) ===================/    (sender)
                      |   /

but disallow this:

PUSH: intranet$ rsync -a dir/ internet:dir/

            Firewall allows connection
                      |   \
           ====================\
Intranet   -> -> -> -> ->       \  Internet
(client)   -> -> -> ->          /  (server)
(sender)   ====================/   (receiver)
                      |   /

I realise that data (hash values, etc) still goes from the intranet to
internet for the pull case but don't really mind about that. What I am
keen to guard against is the accidental use of rsync in push mode from
mirroring an internal repository to the Internet.
Thanks,
Duncan
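
The pull/push distinction drawn in the message above, as an added example that is not part of the original post or of rsync itself: a shell function that classifies an rsync command line by the direction of file transfer, and a wrapper (the name `guarded_rsync` is hypothetical) that refuses push mode. It is a client-side check against accidental use only, and it assumes option values are written attached (`--rsh=ssh`, `-essh`).

```shell
#!/bin/sh
# Added example (not from the original post): classify an rsync command line
# by the direction of the file transfer, and refuse push mode.

# is_remote SPEC: succeeds for host:path, host::module and rsync:// operands.
# rsync treats an operand as remote when ':' appears before the first '/'.
is_remote() {
    case $1 in
        rsync://*) return 0 ;;
        */*) first=${1%%/*} ;;
        *)   first=$1 ;;
    esac
    case $first in
        *:*) return 0 ;;
    esac
    return 1
}

# rsync_direction ARGS...: prints push, pull or local.
# Assumption: option values are attached. A detached value placed before the
# operands ("-e ssh dir/ host:dir/") only counts as an extra local source; one
# placed after the destination would hide it and is not handled here.
rsync_direction() {
    count=0 last='' src_remote=0 opts=1
    for arg in "$@"; do
        if [ "$opts" = 1 ]; then
            case $arg in
                --) opts=0; continue ;;
                -*) continue ;;
            esac
        fi
        # The previous operand is now known to be a source, not the destination.
        if [ "$count" -ge 1 ] && is_remote "$last"; then src_remote=1; fi
        count=$((count + 1))
        last=$arg
    done
    if [ "$count" -ge 2 ] && is_remote "$last"; then
        echo push      # remote destination: files leave this host
    elif [ "$src_remote" = 1 ] || { [ "$count" -eq 1 ] && is_remote "$last"; }; then
        echo pull      # remote source (or a remote listing)
    else
        echo local
    fi
}

# guarded_rsync ARGS...: runs rsync unless the destination is remote.
guarded_rsync() {
    if [ "$(rsync_direction "$@")" = push ]; then
        echo "refused: push-mode transfer to a remote destination" >&2
        return 1
    fi
    command rsync "$@"
}
```

Anyone who calls the real rsync binary directly bypasses the wrapper, so it does not replace enforcement at the proxy or firewall.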