[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: stateful firewall

On Thu, Mar 22, 2001 at 08:37:18AM +0200, Michael Wood wrote:
> e.g. filtering FTP traffic properly.  With a stateless firewall,
> you either have to allow only active FTP sessions into your
> network from the outside if you have an internal FTP server for
> some reason, and passive FTP sessions from the inside to
> external FTP servers, or you have to allow anyone to connect to
> any high port on any of your internal machines.  With a stateful
> packet filter that understands the FTP protocol, you can just
> tell it to allow FTP connections and not have to open up huge
> ranges of ports that actually have nothing at all to do with
> FTP, but could be used in transferring FTP data.

In a way, 2.2 already had something similar.  Masq+Masq_ftp.

You can even masq only ftp, and get the benifit.  Though, this is a
workaround, it does help.


Reply to: