Re: open ports with firehol
--- Daniel Pittman <daniel@rimspace.net> wrote:
> On Wed, 28 Apr 2004, Mike Mestnik wrote:
> > Dose not connection tracking take care of both active and passive FTP?
>
> > These both should fall under state RELATED not state NEW.
>
> The firehol script treats it as a complex service, because there are
> connections going both ways. If you look at the relevant function in
> /lib/firehol/firehol (line 869) you will see what firehol does to set it
> up.
>
> Regards,
> Daniel
>
Is there any work underway to support netfilter's connection tracking in
firehol? This is something I could help ought with, thought I'm not an
expoert on netfilter.
What I'v allways wondered is wather ftp-ct has been exteded to include
passive as well as active connection tracking both for DNAT and SNAT?
This would give me a good excuse to dig into these kinds of things.
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
Reply to: