[prev in list] [next in list] [prev in thread] [next in thread]
List: centos
Subject: Re: [CentOS] Default CentOS(Redhat) iptables, Secure?
From: "Kai Schaetzl" <maillists () conactive ! com>
Date: 2005-11-30 16:31:28
Message-ID: VA.00001ef5.038def0a () virtual-access ! org
[Download RAW message or body]
Aleksandar Milivojevic wrote on Wed, 30 Nov 2005 09:16:34 -0600:
> For example, the correct way to
> allow active FTP data connection, you would allow packet in only if it is sent
> from port 20 (-p tcp --sport 20), *and* it is connection to high port
> (preferrably in 49152-65534 range, although some broken FTP servers use entire
> 1024-65534 range, but definettely high port) (--dport 49152:65534) *and*
> related to existing FTP control channel (-m state --state RELATED)
> *and* it was
> marked as related by ftp helper module (-m helper --helper ftp).
Is that "helper" identical with the ip_conntrack_ftp module or is this something
different?
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic