Re: open ports with firehol

To: debian-firewall@lists.debian.org
Subject: Re: open ports with firehol
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 29 Apr 2004 14:47:41 +1000
Message-id: <[🔎] 87isfjgzki.fsf@enki.rimspace.net>
References: <[🔎] 87n04vh1s5.fsf@enki.rimspace.net> <[🔎] 20040429041831.20567.qmail@web11903.mail.yahoo.com>

On Wed, 28 Apr 2004, Mike Mestnik wrote:
> --- Daniel Pittman <daniel@rimspace.net> wrote:
>> On Wed, 28 Apr 2004, Mike Mestnik wrote:
>> > Dose not connection tracking take care of both active and passive
>> > FTP?
>> 
>> > These both should fall under state RELATED not state NEW.
>> 
>> The firehol script treats it as a complex service, because there are
>> connections going both ways. If you look at the relevant function in
>> /lib/firehol/firehol (line 869) you will see what firehol does to set
>> it up.
>> 
>> Regards,
>>         Daniel
> 
> Is there any work underway to support netfilter's connection tracking
> in firehol? This is something I could help ought with, thought I'm not
> an expoert on netfilter.

I am sorry if I was at all misleading - the firehol script *is* using
the FTP connection tracking already.  The complexity comes from the need
to set up several rules, allowing for the return connections as well as
the established ones, as I understand it.

    Daniel

-- 
We can keep from a child all knowledge of earlier myths, but
we cannot take from him the need for mythology.
        -- Carl Jung

Reply to:

Follow-Ups:
- Re: open ports with firehol
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- Re: open ports with firehol
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: open ports with firehol
  - From: Mike Mestnik <cheako911@yahoo.com>

Prev by Date: Re: open ports with firehol
Next by Date: Re: open ports with firehol
Previous by thread: Re: open ports with firehol
Next by thread: Re: open ports with firehol
Index(es):
- Date
- Thread