[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipchains
Subject:    Re: [Ipchains] Allowing FTP access...
From:       Michael Hasenstein <mha () suse ! de>
Date:       1999-05-20 14:18:46
[Download RAW message or body]

On Thu, 20 May 1999, Neale Banks wrote:

> On Thu, 13 May 1999, Brian J. Murrell wrote:
> 
> [...]
> > > If this isn't the case, is
> > > there a way to allow FTP connections to ftpserver without opening up
> > > ALL
> > > of the upper ports?
> > 
> > Yup.  Use my SPF stateful packet filter. 
> > ftp://ftp.interlinx.bc.ca/pub/spf
> 
> Alternativelty, can one selectively masq only ftp, and use masq_ftp(?) to
> handle the data channel?

Alternatively, you can wait for my ipchains-patch that I wrote yesterday
and today. With it you can completely disable everything you normally need
for ftp-data connections. It will scan for PORT-commans in
ftp-connections, and temporarily add a dynamic rule for that one specific
ftp-data connection. These rules will time out like just like masquerading
rules. It works very well so far.


-- 
Michael Hasenstein
http://www.csn.tu-chemnitz.de/~mha/
Private Pilot (ASEL) since 1998


----------------------------------------------
To unsubscribe to this list, write an email to
ipchains-request@rustcorp.com with a body of
'unsubscribe'.

www.rustcorp.com - web site
ftp.rustcorp.com - ftp site

Mail Archives:
http://ww.rustcorp.com/archives
http://www.progressive-comp.com/Lists/?l=linux-ipchains&r=1&w=2#linux-ipchains
----------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]