[Firehol-support] FTP rule problem (bug?)

Rick Marshall rjm at zenucom.com
Wed Apr 27 00:03:37 BST 2005 

thanks to everyone for the suggestions. it's all been helpful and i have 
an even higher opinion of firehol now.

rick

Costa Tsaousis wrote:

>or...
>
>define something like this:
>
>server_ftpreq_ports="tcp/21"
>client_ftpreq_ports="any"
>
>and then:
>
>server ftpreq drop
>
>
>Regards,
>
>Costa
>
>
>On Mon, April 25, 2005 13:22, Goetz Bock said:
>  
>
>>>On Monday 25 April 2005 00:38, Costa Tsaousis wrote:
>>>      
>>>
>>>>Don't drop ftp. Just don't say anything about it and it will be
>>>>        
>>>>
>>>dropped
>>>      
>>>
>>>>automatically without any side-effects to your other services.
>>>>        
>>>>
>>>The reason to specifically drop it where I do is to prevent random
>>>packets
>>>from showing up in syslog under the normal "fall off the end" log and
>>>drop
>>>rules. I know I'm not running ftp, and I don't want to see people
>>>probing
>>>that port.
>>>      
>>>
>>use
>>
>>client all accept
>>server ftp drop
>>
>>this will allow the related connections from the clients but drop the
>>incomming connections to the ftp server.
>>(I do this with smb all the time ;-))
>>--
>>/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
>>\ /       (c) 2004 Creative Commons, Attribution-ShareAlike 2.0 de
>> X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
>>/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]
>>
>>
>>-------------------------------------------------------
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real users.
>>Discover which products truly live up to the hype. Start reading now.
>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>>_______________________________________________
>>Firehol-support mailing list
>>Firehol-support at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/firehol-support
>>
>>    
>>
>
>
>
>-------------------------------------------------------
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real users.
>Discover which products truly live up to the hype. Start reading now.
>http://ads.osdn.com/?ad_ide95&alloc_id396&opΜk
>_______________________________________________
>Firehol-support mailing list
>Firehol-support at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/firehol-support
>
>
>!DSPAM:426e3460161991875719153!
>
>  
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rjm.vcf
Type: text/x-vcard
Size: 146 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20050427/279920ec/attachment-0003.vcf>

More information about the Firehol-support mailing list