Re: open ports with firehol

To: he@debian.org
Cc: debian-firewall@lists.debian.org
Subject: Re: open ports with firehol
From: Mike Mestnik <cheako911@yahoo.com>
Date: Wed, 28 Apr 2004 21:18:31 -0700 (PDT)
Message-id: <[🔎] 20040429041831.20567.qmail@web11903.mail.yahoo.com>
In-reply-to: <[🔎] 87n04vh1s5.fsf@enki.rimspace.net>

--- Daniel Pittman <daniel@rimspace.net> wrote:
> On Wed, 28 Apr 2004, Mike Mestnik wrote:
> > Dose not connection tracking take care of both active and passive FTP?
> 
> > These both should fall under state RELATED not state NEW.
> 
> The firehol script treats it as a complex service, because there are
> connections going both ways.  If you look at the relevant function in
> /lib/firehol/firehol (line 869) you will see what firehol does to set it
> up.
> 
> Regards,
>         Daniel
> 
Is there any work underway to support netfilter's connection tracking in
firehol?  This is something I could help ought with, thought I'm not an
expoert on netfilter.

What I'v allways wondered is wather ftp-ct has been exteded to include
passive as well as active connection tracking both for DNAT and SNAT? 
This would give me a good excuse to dig into these kinds of things.

__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover

Reply to:

Follow-Ups:
- Re: open ports with firehol
  - From: Daniel Pittman <daniel@rimspace.net>

References:
- Re: open ports with firehol
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: open ports with firehol
Next by Date: Re: open ports with firehol
Previous by thread: Re: open ports with firehol
Next by thread: Re: open ports with firehol
Index(es):
- Date
- Thread