Re: FORWARD allow ftp?

To: debian-firewall@lists.debian.org
Subject: Re: FORWARD allow ftp?
From: Arnt Karlsen <arnt@c2i.net>
Date: Sat, 23 Apr 2005 21:52:10 +0200
Message-id: <[🔎] 20050423215210.6e59cfda.arnt@c2i.net>
In-reply-to: <[🔎] 20050423181228.M16480@etalon.net>
References: <[🔎] 20050423181228.M16480@etalon.net>

On Sat, 23 Apr 2005 11:16:17 -0700, michael wrote in message 
<[🔎] 20050423181228.M16480@etalon.net>:

> Hello,
> 
> I wanted to allow my clients behind my firewall to use ftp.
> I've added the rules to my iptables script.
> 
> -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

..looks ok to me.

> Just wanted to get your opinion if this is the correct 
> way to do it? The 3rd rule above (--state....) is the one rule
> I'm mostly unsure about. 

..it checks whether any response from the ftp servers out there, is
related to "which-one" of your established outgoing ftp traffic or
ftp requests.

> Is this the proper way to allow ftp access?
> What rules do you guys use for ftp?



-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Reply to:

References:
- FORWARD allow ftp?
  - From: "michael" <michael@etalon.net>

Prev by Date: Re: Firewalling for IPv6
Next by Date: Enhanced learning
Previous by thread: FORWARD allow ftp?
Next by thread: Enhanced learning
Index(es):
- Date
- Thread