[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

passive FTP rules

Hi all

Are the following rules fine for allowing just passive FTP? Can't I 
set it up any tighter than that?

I have snipped the script a little for clarity.

-- start of script --
# Definitions
ipchains="$(which ipchains)"

# Default policies
${ipchains} -P input DENY
${ipchains} -P forward DENY
${ipchains} -P output DENY

# Flush rules
${ipchains} --flush input
${ipchains} --flush forward
${ipchains} --flush output


# Passive FTP
${ipchains} -A input -p tcp -s --sport 21 -i ppp0 -j ACCEPT ! -y
${ipchains} -A input -p tcp -s --sport 1024:65535 -i ppp0 \
	-j ACCEPT ! -y


# Passive FTP
${ipchains} -A output -p tcp -d --dport 21 -i ppp0 -j ACCEPT
${ipchains} -A output -p tcp -d --dport 1024:65535 -i ppp0 -j ACCEPT


# Masquerade
${ipchains} -A forward -s -j MASQ -i ppp0

# Log the rest!
${ipchains} -A input -j DENY -l
${ipchains} -A output -j DENY -l
${ipchains} -A forward -j DENY -l
-- end of script --

Thanks in advance
Enjoy your job, make lots of money, work within the law. Choose any two.

Reply to: