Hi,

Does anyone know if it is possible to firewall and/or configure rsync via a web proxy using RSYNC_PROXY to prevent push mode file transfers yet still allow pull mode?

I am aware of Matt McCutchen's helpful distinction between the direction of an rsync connection and the direction of file transfer at http://lists.samba.org/archive/rsync/2006-May/015595.html, but I am after something slightly more restrictive. In addition to disallowing incoming rsync *connections* (which is easy), I would also like to disallow outgoing *file transfers* started from outgoing connections.

Shamelessly stealing Matt's great ascii art, I would like to allow this:

PULL:  intranet$ rsync -a internet:dir/ dir/

                     Firewall allows connection
                               |
                               \   ====================\
    Intranet  <- <- <- <- <-    \                        Internet
    (client)  <- <- <- <-       /                        (server)
    (receiver)                  ===================/     (sender)
                               |
                               /

but disallow this:

PUSH:  intranet$ rsync -a dir/ internet:dir/

                     Firewall allows connection
                               |
                               \   ====================\
    Intranet  -> -> -> -> ->    \                        Internet
    (client)  -> -> -> ->       /                        (server)
    (sender)                    ====================/    (receiver)
                               |
                               /

I realise that data (hash values, etc.) still goes from the intranet to the internet for the pull case, but I don't really mind about that. What I am keen to guard against is the accidental use of rsync in push mode for mirroring an internal repository to the Internet.

Thanks,
Duncan
On 4/27/07, Duncan Grove <duncan.grove@dsto.defence.gov.au> wrote:
> Does anyone know if it is possible to firewall and/or configure rsync
> via a web proxy using RSYNC_PROXY to prevent push mode file transfers
> yet still allow pull mode?

> I realise that data (hash values, etc) still goes from the intranet to
> internet for the pull case but don't really mind about that. What I am
> keen to guard against is the accidental use of rsync in push mode from
> mirroring an internal repository to the Internet.

RSYNC_PROXY affects connections directly to rsync daemons but not connections over SSH. It would be possible (but would take a bit of work) to implement a proxy that looks inside rsync daemon connections and allows pulls while blocking pushes. An rsync connection is a pull if and only if it includes the --sender option.

Since SSH connections are encrypted, an rsync push looks just like any other SSH connection to a firewall; there's no way to block rsync pushes without blocking all SSH traffic.

I think the most appropriate solution would be to install a wrapper script around rsync that refuses to push to hosts outside a set you specify. This won't prevent a user from compromising the data in the repository if he/she really wants to, but it is likely to prevent most accidents.

The quick-and-dirty approach would be to refuse if the last argument begins with HOST: , HOST:: , or rsync://HOST/ and HOST is not on the safe list. However, this assumes that the last argument is the destination; this won't be true if users pass additional options after the destination.

Matt
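One way to write the wrapper Matt describes, as an added example that is not from the original thread or from rsync itself: it takes the last operand as the destination while skipping option words anywhere on the command line (so options placed after the destination no longer hide it), pulls the host out of the HOST:, HOST:: and rsync://HOST/ forms, and refuses a push to any host not in an allow-list. SAFE_HOSTS (a constructed list) and REAL_RSYNC are assumed site settings; as Matt notes, a push over SSH can only be caught here on the client, not at the firewall.

```shell
#!/bin/sh
# rsync wrapper: let pulls and local copies through, refuse pushes whose
# destination host is not allow-listed. Hypothetical example, not rsync code.
SAFE_HOSTS="mirror.example.com backup.example.com"   # constructed allow-list
REAL_RSYNC="/usr/bin/rsync.real"                      # where the real binary moved

# Print the remote host named by a destination spec (host:path, host::module,
# rsync://host/..., optional user@), or nothing if it is a local path. A colon
# preceded by a slash means a local path, which is how rsync itself reads it.
dest_host() {
    case "$1" in
        rsync://*) h="${1#rsync://}"; h="${h%%/*}" ;;
        *::*)      h="${1%%::*}" ;;
        *:*)       h="${1%%:*}"; case "$h" in */*) return 0 ;; esac ;;
        *)         return 0 ;;
    esac
    printf '%s\n' "${h##*@}"
}

# Print the last operand, skipping option words wherever they appear; all
# words after "--" are operands. Not handled: an option whose value is a
# separate word (e.g. "-e ssh") placed after the destination.
last_operand() {
    last=""; seen_dd=0
    for a in "$@"; do
        if [ "$seen_dd" -eq 1 ]; then last="$a"; continue; fi
        case "$a" in
            --) seen_dd=1 ;;
            -*) ;;
            *)  last="$a" ;;
        esac
    done
    printf '%s\n' "$last"
}

# Return 0 if the command line may run, 1 if it pushes to a non-listed host.
check_push() {
    dest=$(last_operand "$@")
    host=$(dest_host "$dest")
    [ -z "$host" ] && return 0            # local destination: a pull or local copy
    for s in $SAFE_HOSTS; do
        [ "$host" = "$s" ] && return 0
    done
    return 1
}

if [ $# -gt 0 ]; then
    if check_push "$@"; then exec "$REAL_RSYNC" "$@"; fi
    echo "rsync-wrapper: refusing push to '$dest' (allowed: $SAFE_HOSTS)" >&2
    exit 1
fi
```

Install it as the `rsync` found first on users' PATH, with the real binary moved to REAL_RSYNC; the allow-list check is a guard against accidents only, since a user can still call the real binary directly.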