[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ipchains
Subject: Re: [Ipchains] Allowing FTP access...
From: Michael Hasenstein <mha () suse ! de>
Date: 1999-05-20 14:18:46
[Download RAW message or body]
On Thu, 20 May 1999, Neale Banks wrote:
> On Thu, 13 May 1999, Brian J. Murrell wrote:
>
> [...]
> > > If this isn't the case, is
> > > there a way to allow FTP connections to ftpserver without opening up
> > > ALL
> > > of the upper ports?
> >
> > Yup. Use my SPF stateful packet filter.
> > ftp://ftp.interlinx.bc.ca/pub/spf
>
> Alternativelty, can one selectively masq only ftp, and use masq_ftp(?) to
> handle the data channel?
Alternatively, you can wait for my ipchains-patch that I wrote yesterday
and today. With it you can completely disable everything you normally need
for ftp-data connections. It will scan for PORT-commans in
ftp-connections, and temporarily add a dynamic rule for that one specific
ftp-data connection. These rules will time out like just like masquerading
rules. It works very well so far.
--
Michael Hasenstein
http://www.csn.tu-chemnitz.de/~mha/
Private Pilot (ASEL) since 1998
----------------------------------------------
To unsubscribe to this list, write an email to
ipchains-request@rustcorp.com with a body of
'unsubscribe'.
www.rustcorp.com - web site
ftp.rustcorp.com - ftp site
Mail Archives:
http://ww.rustcorp.com/archives
http://www.progressive-comp.com/Lists/?l=linux-ipchains&r=1&w=2#linux-ipchains
----------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic