Hi,

thanks for implementing this idea.

On 04.06.2021 at 14:17, Matthias Fischer wrote:
> There was not much feedback on the list, so I send this now. This is V4 - open for
> discussion, opinions or (perhaps ;-) ) changes:
>
> Originally triggered by:
> https://community.ipfire.org/t/forcing-all-dns-traffic-from-the-lan-to-the-firewall/3512
>
> Discussion:
> https://community.ipfire.org/t/testing-dns-redirect-code-snippet/3888
>
> Could fix(?):
> https://bugzilla.ipfire.org/show_bug.cgi?id=11168
>
> Changelog since V3:
>
> - Replaced 'green0'/'blue0' with '${GREEN_DEV}' / '${BLUE_DEV}' - these
>   values are read from '/var/ipfire/ethernet/settings', thanks
>   to "someone" for the hint (sorry, I didn't find the author)! ;-)
>
> - Replaced port numbers '123' / '53' with service names 'domain' / 'ntp' (dto.).
>
> - As mentioned on the list (05.03.2021, BB), 'well-behaving' requests are now
>   handled through RETURN rules, others through REDIRECT.
>
>   Background (cited from BB, 06.03.2021):
>   "Concerning performance, we want to minimize the rule set to the amount
>   really necessary. On the other hand, it may be quicker to do just
>   a RETURN than a REDIRECT. The cases for the RETURN (DNS requests direct
>   to IPFire) should be nearly 100%. DNS and NTP servers are published
>   by DHCP or should be configured in the static case."
>

Sorry, I did not realize that this 'well-behaving' must be defined more exactly. See beyond.

>   I made it that way. Statistics during the last 62 days show that this
>   worked as intended. IMHO. I've sent a screenshot to the list (the other day) so
>   everyone could take a look.
>

That's my experience with the rules located in firewall.local, too.

> - Removed GUI links to DNS and NTP options in 'optionsfw.cgi'.
>
> - Moved creation of the iptable rules in '/etc/init.d/firewall' behind
>   '# WIRELESS chains'
>
> Summary and functionality:
> These patches are controlled through "Firewall Options". They add new
> firewall-[DNS/NTP]_FORCED_ON_[INTERFACE]-options to '/var/ipfire/optionsfw/settings'.
> They activate/deactivate appropriate RETURN and REDIRECT rules through
> a new ctrl file ('/usr/local/bin/dnsntpctrl') and a new init file
> ('/etc/rc.d/init.d/dnsntp').
>
> Default of all new rules is OFF (set in 'lfs/configroot').
> If set to ON, they REDIRECT all DNS and NTP requests (TCP/UDP) to the DNS and NTP
> servers specified in IPFire.
>
> Flaw/ToDo:
> To make things work as I wanted I had to add a 'dnsntpctrl' file which calls the actual
> init file, 'dnsntp'. As I see it, this is actually an unnecessary detour.
> In fact I wanted to merge these two files in *one* C file, but this was beyond my
> capabilities, perhaps "someone" else knows how to program this.
>
> Changed visibility (GUI, 'optionsfw.cgi') and some cosmetics:
> The corresponding interface options - including 'Masquerade ...' - are only visible if
> the respective interface actually exists.
> E.g.: if BLUE interface doesn't exist, there are no ON/OFF switches
> for 'DNS/NTP on BLUE' or logging options for BLUE available.
> Added text colors for better readability.
> Separated logging options per interface.
>
> No reboot required:
> Rules can be switched ON/OFF without rebooting IPFire.
> Changes immediately take effect after clicking 'Save'.
>
> Changes to '/etc/rc.d/init.d/firewall' and '/etc/rc.d/init.d/dnsntpctrl':
> Fixed a 'trafic' typo.
> To avoid collisions with existing CUSTOM rules, I added a new PREROUTING
> chain: 'DNS_NTP_REDIRECT'.
> This chain is flushed by 'dnsntpctrl' prior to applying the chosen settings.
> > Signed-off-by: Matthias Fischer > --- > config/rootfiles/common/misc-progs | 1 + > html/cgi-bin/optionsfw.cgi | 90 ++++++++++++++++++++++++------ > langs/de/cgi-bin/de.pl | 15 +++-- > langs/en/cgi-bin/en.pl | 15 +++-- > lfs/configroot | 6 +- > src/initscripts/system/dnsntp | 43 ++++++++++++++ > src/initscripts/system/firewall | 9 ++- > src/misc-progs/Makefile | 2 +- > src/misc-progs/dnsntpctrl.c | 19 +++++++ > 9 files changed, 171 insertions(+), 29 deletions(-) > create mode 100644 src/initscripts/system/dnsntp > create mode 100644 src/misc-progs/dnsntpctrl.c > > diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs > index d6594b3f8..4bcb94812 100644 > --- a/config/rootfiles/common/misc-progs > +++ b/config/rootfiles/common/misc-progs > @@ -5,6 +5,7 @@ usr/local/bin/captivectrl > usr/local/bin/collectdctrl > usr/local/bin/ddnsctrl > usr/local/bin/dhcpctrl > +usr/local/bin/dnsntpctrl > usr/local/bin/extrahdctrl > usr/local/bin/fireinfoctrl > usr/local/bin/firewallctrl > diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi > index 321642e82..2059a03b3 100644 > --- a/html/cgi-bin/optionsfw.cgi > +++ b/html/cgi-bin/optionsfw.cgi > @@ -50,6 +50,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { > $errormessage .= $Lang::tr{'new optionsfw later'}; > &General::writehash($filename, \%settings); # Save good settings > system("/usr/local/bin/firewallctrl"); > + system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1"); > }else{ > if ($settings{'POLICY'} ne ''){ > $fwdfwsettings{'POLICY'} = $settings{'POLICY'}; > @@ -65,6 +66,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { > &General::writehash("${General::swroot}/firewall/settings", \%fwdfwsettings); > &General::readhash("${General::swroot}/firewall/settings", \%fwdfwsettings); > system("/usr/local/bin/firewallctrl"); > + system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1"); > } > &General::readhash($filename, \%settings); # Load good settings > } 
> @@ -140,6 +142,18 @@ $selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORANGE'}} = 'selected="sele > $selected{'MASQUERADE_BLUE'}{'off'} = ''; > $selected{'MASQUERADE_BLUE'}{'on'} = ''; > $selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} = 'selected="selected"'; > +$checked{'DNS_FORCE_ON_GREEN'}{'off'} = ''; > +$checked{'DNS_FORCE_ON_GREEN'}{'on'} = ''; > +$checked{'DNS_FORCE_ON_GREEN'}{$settings{'DNS_FORCE_ON_GREEN'}} = "checked='checked'"; > +$checked{'DNS_FORCE_ON_BLUE'}{'off'} = ''; > +$checked{'DNS_FORCE_ON_BLUE'}{'on'} = ''; > +$checked{'DNS_FORCE_ON_BLUE'}{$settings{'DNS_FORCE_ON_BLUE'}} = "checked='checked'"; > +$checked{'NTP_FORCE_ON_GREEN'}{'off'} = ''; > +$checked{'NTP_FORCE_ON_GREEN'}{'on'} = ''; > +$checked{'NTP_FORCE_ON_GREEN'}{$settings{'NTP_FORCE_ON_GREEN'}} = "checked='checked'"; > +$checked{'NTP_FORCE_ON_BLUE'}{'off'} = ''; > +$checked{'NTP_FORCE_ON_BLUE'}{'on'} = ''; > +$checked{'NTP_FORCE_ON_BLUE'}{$settings{'NTP_FORCE_ON_BLUE'}} = "checked='checked'"; > > &Header::openbox('100%', 'center',); > print "
"; > @@ -189,13 +203,44 @@ END > END > } > > - print < +print < + > + > +   > + > + > + > + > +END > + > + if (&Header::blue_used()) { > + print < +
$Lang::tr{'fw green'}
$Lang::tr{'dns force on green'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
$Lang::tr{'ntp force on green'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
> + > +   > + > + > + > + > + > + > + > +END > + } > + > + print <
$Lang::tr{'fw blue'}
$Lang::tr{'dns force on blue'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
$Lang::tr{'ntp force on blue'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / > + $Lang::tr{'off'}
> > -
> +
> > - > - > +
$Lang::tr{'fw logging'}
> + > > > > -
$Lang::tr{'fw logging red'}
$Lang::tr{'drop newnotsyn'}$Lang::tr{'on'} / > $Lang::tr{'off'}
$Lang::tr{'drop input'}$Lang::tr{'on'} / > @@ -206,21 +251,30 @@ END > $Lang::tr{'off'}
$Lang::tr{'drop portscan'}$Lang::tr{'on'} / > $Lang::tr{'off'}
$Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / > +END > + > + if (&Header::blue_used()) { > + print < +
> + > +
> + > + > + > + > + > - > -
$Lang::tr{'fw logging blue'}
$Lang::tr{'drop wirelessinput'}$Lang::tr{'on'} / > $Lang::tr{'off'}
$Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / > +
$Lang::tr{'drop wirelessforward'}$Lang::tr{'on'} / > $Lang::tr{'off'}
> -
> + > +END > + } > + > + print < + > + > +
> > - > - > - > - > -
$Lang::tr{'fw blue'}
$Lang::tr{'drop proxy'}$Lang::tr{'on'} / > - $Lang::tr{'off'}
$Lang::tr{'drop samba'}$Lang::tr{'on'} / > - $Lang::tr{'off'}
> -
> > > > END > print "
$Lang::tr{'fw settings'}
$Lang::tr{'fw settings color'}$Lang::tr{'on'} / > @@ -252,7 +306,7 @@ END > >
> > - >
> +
> >
> @@ -278,7 +332,7 @@ print <
"; > - print"

"; > + print"

"; > print <
> > diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl > index 0bc579cd2..51e65b903 100644 > --- a/langs/de/cgi-bin/de.pl > +++ b/langs/de/cgi-bin/de.pl > @@ -835,6 +835,8 @@ > 'dns error 0' => 'Die IP Adresse vom primären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene sekundären DNS Server Adresse ist jedoch gültig.
', > 'dns error 01' => 'Die eingegebene IP Adresse des primären wie auch des sekundären DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!', > 'dns error 1' => 'Die IP Adresse vom sekundären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene primäre DNS Server Adresse ist jedoch gültig.', > +'dns force on blue' => 'Erzwinge lokale DNS-Server', > +'dns force on green' => 'Erzwinge lokale DNS-Server', > 'dns forward disable dnssec' => 'DNSSEC deaktivieren (nicht empfohlen)', > 'dns forwarding dnssec disabled notice' => '(DNSSEC deaktiviert)', > 'dns header' => 'DNS Server Adressen zuweisen nur mit DHCP an red0', > @@ -1101,9 +1103,12 @@ > 'from email server' => 'Von E-Mail-Server', > 'from email user' => 'Von E-Mail-Benutzer', > 'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig', > -'fw blue' => 'Firewalloptionen für das Blaue Interface', > +'fw blue' => 'Firewalloptionen für das BLAUE Interface', > 'fw default drop' => 'Firewallrichtlinie', > +'fw green' => 'Firewalloptionen für das GRÜNE Interface', > 'fw logging' => 'Firewallprotokollierung', > +'fw logging blue' => 'Firewallprotokollierung (BLAU)', > +'fw logging red' => 'Firewallprotokollierung (ROT)', > 'fw settings' => 'Firewalleinstellungen', > 'fw settings color' => 'Farben in Regeltabelle anzeigen', > 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen', > @@ -1643,9 +1648,9 @@ > 'map to guest' => 'Map to Guest', > 'march' => 'März', > 'marked' => 'Markiert', > -'masquerade blue' => 'NAT auf BLAU', > -'masquerade green' => 'NAT auf GRÜN', > -'masquerade orange' => 'NAT auf ORANGE', > +'masquerade blue' => 'NAT auf BLAU', > +'masquerade green' => 'NAT auf GRÜN', > +'masquerade orange' => 'NAT auf ORANGE', > 'masquerading' => 'Masquerading/NAT', > 'masquerading disabled' => 'NAT ausgeschaltet', > 'masquerading enabled' => 'NAT eingeschaltet', 
> @@ -1813,6 +1818,8 @@ > 'november' => 'November', > 'ntp common settings' => 'Allgemeine Einstellungen', > 'ntp configuration' => 'Zeitserverkonfiguration', > +'ntp force on blue' => 'Erzwinge lokale NTP-Server', > +'ntp force on green' => 'Erzwinge lokale NTP-Server', > 'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muss NTP vorher aktiviert sein.', > 'ntp server' => 'NTP-Server', > 'ntp sync' => 'Synchronisation', > diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl > index 1c69b3798..390b2d026 100644 > --- a/langs/en/cgi-bin/en.pl > +++ b/langs/en/cgi-bin/en.pl > @@ -858,6 +858,8 @@ > 'dns error 0' => 'The IP address of the primary DNS server is not valid, please check your entries!
The entered secondary DNS server address is valid.', > 'dns error 01' => 'The entered IP address of the primary and secondary DNS server are not valid, please check your entries!', > 'dns error 1' => 'The IP address of the secondary DNS server is not valid, please check your entries!
The entered primary DNS server address is valid.', > +'dns force on blue' => 'Force DNS to use local DNS servers', > +'dns force on green' => 'Force DNS to use local DNS servers', > 'dns forward disable dnssec' => 'Disable DNSSEC (dangerous)', > 'dns forwarding dnssec disabled notice' => '(DNSSEC disabled)', > 'dns header' => 'Assign DNS server addresses only for DHCP on red0', > @@ -1128,9 +1130,12 @@ > 'from email server' => 'From Email server', > 'from email user' => 'From e-mail user', > 'from warn email bad' => 'From e-mail address is not valid', > -'fw blue' => 'Firewall options for BLUE interface', > +'fw blue' => 'Firewall options for BLUE Interface', > 'fw default drop' => 'Firewall policy', > +'fw green' => 'Firewall options for GREEN Interface', > 'fw logging' => 'Firewall logging', > +'fw logging blue' => 'Firewall logging (BLUE)', > +'fw logging red' => 'Firewall logging (RED)', > 'fw settings' => 'Firewall settings', > 'fw settings color' => 'Show colors in ruletable', > 'fw settings dropdown' => 'Show all networks on rulecreation site', > @@ -1675,9 +1680,9 @@ > 'map to guest' => 'Map to Guest', > 'march' => 'March', > 'marked' => 'Marked', > -'masquerade blue' => 'Masquerade BLUE', > -'masquerade green' => 'Masquerade GREEN', > -'masquerade orange' => 'Masquerade ORANGE', > +'masquerade blue' => 'Masquerade BLUE', > +'masquerade green' => 'Masquerade GREEN', > +'masquerade orange' => 'Masquerade ORANGE', > 'masquerading' => 'Masquerading', > 'masquerading disabled' => 'Masquerading disabled', > 'masquerading enabled' => 'Masquerading enabled', 
> @@ -1847,6 +1852,8 @@ > 'november' => 'November', > 'ntp common settings' => 'Common settings', > 'ntp configuration' => 'NTP Configuration', > +'ntp force on blue' => 'Force NTP to use local NTP servers', > +'ntp force on green' => 'Force NTP to use local NTP servers', > 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', > 'ntp server' => 'NTP Server', > 'ntp sync' => 'Synchronization', > diff --git a/lfs/configroot b/lfs/configroot > index c528bd6d9..6cc376ff0 100644 > --- a/lfs/configroot > +++ b/lfs/configroot > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2021 IPFire Team # > +# Copyright (C) 2007-2018 IPFire Team # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -129,6 +129,10 @@ $(TARGET) : > echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings > echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings > echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings > + echo "DNS_FORCE_ON_GREEN=off" >> $(CONFIG_ROOT)/optionsfw/settings > + echo "DNS_FORCE_ON_BLUE=off" >> $(CONFIG_ROOT)/optionsfw/settings > + echo "NTP_FORCE_ON_GREEN=off" >> $(CONFIG_ROOT)/optionsfw/settings > + echo "NTP_FORCE_ON_BLUE=off" >> $(CONFIG_ROOT)/optionsfw/settings > echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings > echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings > echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings > diff --git a/src/initscripts/system/dnsntp b/src/initscripts/system/dnsntp > new file mode 100644 > index 000000000..54fdfc685 > --- /dev/null > +++ b/src/initscripts/system/dnsntp 
> @@ -0,0 +1,43 @@ > +#!/bin/sh > +######################################################################## > +# Begin $rc_base/init.d/dnsntp > +# > +# Description : dnsntp init script for DNS/NTP rules only > +# > +######################################################################## > + > +# flush chain > +iptables -t nat -F DNS_NTP_REDIRECT > + > +eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) > +eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings) > + The 'well-behaving' request destinations should be DNS1_GREEN, DNS2_GREEN, DNS1_BLUE, DNS2_BLUE ( stored in /var/ipfire/dhcp/settings and set in the dhcp.cgi ). If they are defined and distributed by DHCP or set by other mechanism. Is GREEN_ADDRESS / BLUE_ADDRESS the desired destination otherwise? > +# Force DNS REDIRECTs on GREEN (udp, tcp, 53) > +if [ "$DNS_FORCE_ON_GREEN" == "on" ]; then > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -d ${GREEN_ADDRESS} -p udp -m udp --dport domain -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -p udp -m udp --dport domain -j REDIRECT > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -d ${GREEN_ADDRESS} -p tcp -m tcp --dport domain -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -p tcp -m tcp --dport domain -j REDIRECT > +fi > + > +# Force DNS REDIRECTs on BLUE (udp, tcp, 53) > +if [ "$DNS_FORCE_ON_BLUE" == "on" ]; then > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -d ${BLUE_ADDRESS} -p udp -m udp --dport domain -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -p udp -m udp --dport domain -j REDIRECT > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -d ${BLUE_ADDRESS} -p tcp -m tcp --dport domain -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -p tcp -m tcp --dport domain -j REDIRECT > +fi > + See above. 
Regards, Bernhard > +# Force NTP REDIRECTs on GREEN (udp, 123) > +if [ "$NTP_FORCE_ON_GREEN" == "on" ]; then > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -d ${GREEN_ADDRESS} -p udp -m udp --dport ntp -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${GREEN_DEV} -p udp -m udp --dport ntp -j REDIRECT > +fi > + > +# Force DNS REDIRECTs on BLUE (udp, 123) > +if [ "$NTP_FORCE_ON_BLUE" == "on" ]; then > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -d ${BLUE_ADDRESS} -p udp -m udp --dport ntp -j RETURN > + iptables -t nat -A DNS_NTP_REDIRECT -i ${BLUE_DEV} -p udp -m udp --dport ntp -j REDIRECT > +fi > + > +# End $rc_base/init.d/dnsntp > diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall > index 1e558ee86..047946a86 100644 > --- a/src/initscripts/system/firewall > +++ b/src/initscripts/system/firewall > @@ -218,7 +218,7 @@ iptables_init() { > iptables -A INPUT -j LOCATIONBLOCK > iptables -A FORWARD -j LOCATIONBLOCK > > - # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything > + # traffic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything > iptables -N IPSECINPUT > iptables -N IPSECFORWARD > iptables -N IPSECOUTPUT > @@ -242,6 +242,10 @@ iptables_init() { > iptables -N WIRELESSFORWARD > iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD > > + # Redirecting DNS and NTP requests > + iptables -t nat -N DNS_NTP_REDIRECT > + iptables -t nat -A PREROUTING -j DNS_NTP_REDIRECT > + > # OpenVPN > iptables -N OVPNINPUT > iptables -A INPUT -j OVPNINPUT > @@ -320,6 +324,9 @@ iptables_init() { > # run captivectrl > /usr/local/bin/captivectrl > > + # run dnsntpctrl > + /usr/local/bin/dnsntpctrl > + > # POLICY CHAIN > iptables -N POLICYIN > iptables -A INPUT -j POLICYIN > diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile > index 7c3ef7529..229d122d6 100644 > --- a/src/misc-progs/Makefile > +++ b/src/misc-progs/Makefile 
> @@ -30,7 +30,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ > wirelessctrl getipstat qosctrl \ > redctrl syslogdctrl extrahdctrl sambactrl \ > smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ > - setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ > + setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes dnsntpctrl \ > getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \ > captivectrl > > diff --git a/src/misc-progs/dnsntpctrl.c b/src/misc-progs/dnsntpctrl.c > new file mode 100644 > index 000000000..f2a3b89e3 > --- /dev/null > +++ b/src/misc-progs/dnsntpctrl.c > @@ -0,0 +1,19 @@ > +/* This file is part of the IPFire Firewall. > + * > + * This program is distributed under the terms of the GNU General Public > + * Licence. See the file COPYING for details. > + * > + */ > + > +#include > +#include "setuid.h" > + > +int main(void) > +{ > + if (!(initsetuid())) > + exit(1); > + > + safe_system("/etc/rc.d/init.d/dnsntp >/dev/null 2>&1"); > + > + return 0; > +} >
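
Review bot: In the first html/cgi-bin/optionsfw.cgi hunk (@@ -50,6 +50,7), the added call `system("/usr/local/bin/dnsntpctrl >/dev/null 2>&1");` throws away both the output and the return value, so the Save action looks successful even when the redirect rules were not applied. Check the return value of system() and append a message to $errormessage on failure. The identical call added in the @@ -65,6 +66,7 hunk needs the same treatment.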
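
Review bot: In the langs/en/cgi-bin/en.pl hunk at @@ -1675,9 +1680,9, the three 'masquerade blue/green/orange' entries are removed and re-added with no visible change to their text, which points to a whitespace-only edit unrelated to this feature. Drop these lines from the patch (the same pattern appears in de.pl at @@ -1643,9 +1648,9) so that the language diffs only carry the new 'dns force on ...', 'ntp force on ...' and 'fw ...' keys.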
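
Review bot: In the lfs/configroot header hunk (@@ -1,7 +1,7), the copyright line moves backwards from "2007-2021" to "2007-2018". That looks like a leftover from an older base file rather than an intended change; drop this hunk so that the file only gains the four new `..._FORCE_ON_...=off` defaults.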
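
Review bot: In src/initscripts/system/dnsntp, the interface variables are used unquoted and without a check that they are set, so with DNS_FORCE_ON_BLUE=on (or NTP_FORCE_ON_BLUE=on) and no BLUE interface in the ethernet settings, `-i ${BLUE_DEV} -d ${BLUE_ADDRESS}` expands to `-i -d` and the resulting iptables command line is malformed; since dnsntpctrl sends all output to /dev/null, nothing reports it. Guard each block with a test that both the device and the address are non-empty. Two smaller points in the same file: the script starts with `#!/bin/sh` but compares with `==` inside `[ ]`, where POSIX sh only guarantees `=`, and the comment above the last block reads "Force DNS REDIRECTs on BLUE (udp, 123)" although that block handles NTP.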
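
Review bot: In the src/initscripts/system/firewall hunk at @@ -242,6 +242,10, the new nat-table jump `iptables -t nat -A PREROUTING -j DNS_NTP_REDIRECT` sits between filter-table chains (WIRELESSFORWARD above, OVPNINPUT below), and its position in nat PREROUTING relative to other jumps decides whether the redirect is evaluated before or after them. Add a comment stating which existing PREROUTING rules this chain has to precede or follow, so that the ordering is a documented decision and not a side effect of where the lines were placed.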
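
Review bot: In src/misc-progs/dnsntpctrl.c, main() ignores the result of safe_system() and always ends with `return 0;`, and the command string also redirects stdout and stderr to /dev/null, so a failed rule load cannot be noticed by any caller. Return the status of safe_system() from main(), and consider leaving the redirection to the callers so that errors stay visible when the helper is run from the firewall init script.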
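
The rule order discussed in this thread (RETURN for well-behaving destinations first, REDIRECT for everything else), as an added example that is not part of the patch or of IPFire: a dry-run generator that prints the iptables commands instead of applying them. Treating the DHCP-distributed servers (`DNS1_GREEN` and so on) as additional RETURN destinations is an assumption based on the review comment above; `emit`, `gen_rules` and `build_chain` are hypothetical names and the addresses are constructed.

```shell
#!/bin/sh
# Added example, not IPFire code: dry-run generator for the DNS_NTP_REDIRECT chain.
# It prints the iptables commands instead of running them, so no root is needed.
# emit, gen_rules and build_chain are hypothetical names; the settings variables
# are the ones named in the thread.

emit() {
    echo "iptables -t nat -A DNS_NTP_REDIRECT $*"
}

# gen_rules DEV ADDRESS SERVICE "PROTOCOLS" "EXTRA_DESTINATIONS"
gen_rules() {
    dev=$1 addr=$2 svc=$3 protos=$4 extra=$5
    # An empty device or address would expand to a malformed "-i -d ..." rule.
    if [ -z "$dev" ] || [ -z "$addr" ]; then
        echo "skip $svc: interface not configured" >&2
        return 0
    fi
    for proto in $protos; do
        # RETURN rules go first: the chain is walked top-down, first match wins.
        emit "-i $dev -d $addr -p $proto -m $proto --dport $svc -j RETURN"
        for dst in $extra; do
            [ "$dst" = "$addr" ] && continue   # avoid a duplicate rule
            emit "-i $dev -d $dst -p $proto -m $proto --dport $svc -j RETURN"
        done
        # Any other destination on this port is redirected to the local service.
        emit "-i $dev -p $proto -m $proto --dport $svc -j REDIRECT"
    done
}

build_chain() {
    echo "iptables -t nat -F DNS_NTP_REDIRECT"
    if [ "$DNS_FORCE_ON_GREEN" = "on" ]; then
        gen_rules "$GREEN_DEV" "$GREEN_ADDRESS" domain "udp tcp" "$DNS1_GREEN $DNS2_GREEN"
    fi
    if [ "$DNS_FORCE_ON_BLUE" = "on" ]; then
        gen_rules "$BLUE_DEV" "$BLUE_ADDRESS" domain "udp tcp" "$DNS1_BLUE $DNS2_BLUE"
    fi
    if [ "$NTP_FORCE_ON_GREEN" = "on" ]; then
        gen_rules "$GREEN_DEV" "$GREEN_ADDRESS" ntp udp ""
    fi
    if [ "$NTP_FORCE_ON_BLUE" = "on" ]; then
        gen_rules "$BLUE_DEV" "$BLUE_ADDRESS" ntp udp ""
    fi
}

# Constructed sample settings (documentation addresses): GREEN only, no BLUE
# interface, but DNS_FORCE_ON_BLUE left "on" to exercise the guard.
GREEN_DEV=green0 GREEN_ADDRESS=192.0.2.1
DNS1_GREEN=198.51.100.53 DNS2_GREEN=
BLUE_DEV= BLUE_ADDRESS=
DNS_FORCE_ON_GREEN=on DNS_FORCE_ON_BLUE=on
NTP_FORCE_ON_GREEN=on NTP_FORCE_ON_BLUE=off
build_chain
```

With these settings the BLUE block is skipped with a message on stderr, and queries to the DHCP-distributed server pass through unchanged while all other DNS and NTP traffic on GREEN is redirected.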