Default CentOS(Redhat) iptables, Secure?




Aleksandar Milivojevic wrote on Wed, 30 Nov 2005 09:16:34 -0600:

> For example, the correct way to
> allow active FTP data connection, you would allow packet in only if it is sent
> from port 20 (-p tcp --sport 20), *and* it is connection to high port
> (preferably in 49152-65534 range, although some broken FTP servers use entire
> 1024-65534 range, but definitely high port) (--dport 49152:65534) *and*
> related to existing FTP control channel (-m state --state RELATED)
> *and* it was marked as related by ftp helper module (-m helper --helper ftp).

Is that "helper" identical with the ip_conntrack_ftp module or is this something 
different?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
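
An added example, not part of the original messages: a POSIX shell check that takes one rule in iptables-save syntax and reports which of the four conditions listed in the quoted message it lacks. The sample rules, the function names and the choice to treat `RELATED,ESTABLISHED` as looser than `RELATED` alone are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample rules in iptables-save syntax (not from the original post).
STRICT='-A INPUT -p tcp -m tcp --sport 20 --dport 49152:65534 -m state --state RELATED -m helper --helper ftp -j ACCEPT'
LOOSE='-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT'
BROAD='-A INPUT -m state --state RELATED -j ACCEPT'

# opt_value RULE OPTION: print the word that follows OPTION, empty if absent.
opt_value() {
    set -f                          # no globbing while splitting the rule
    want=$2; prev=""; val=""
    for word in $1; do
        if [ "$prev" = "$want" ]; then val=$word; fi
        prev=$word
    done
    set +f
    printf '%s' "$val"
}

# missing_conditions RULE: print the conditions the rule lacks, or "none".
missing_conditions() {
    rule=$1; out=""
    # 1. TCP packet sent from the FTP data port
    [ "$(opt_value "$rule" -p)" = tcp ] || out="$out proto"
    [ "$(opt_value "$rule" --sport)" = 20 ] || out="$out sport20"
    # 2. destination restricted to a high-port range (lower bound >= 1024)
    dport=$(opt_value "$rule" --dport); low=${dport%%:*}
    case $dport in
        *:*) case $low in
                 ''|*[!0-9]*) out="$out highport" ;;
                 *) [ "$low" -ge 1024 ] || out="$out highport" ;;
             esac ;;
        *)   out="$out highport" ;;
    esac
    # 3. state match limited to RELATED (assumption: anything wider is flagged)
    [ "$(opt_value "$rule" --state)" = RELATED ] || out="$out related-only"
    # 4. connection marked as related by the ftp helper
    [ "$(opt_value "$rule" --helper)" = ftp ] || out="$out helper"
    out=${out# }
    printf '%s\n' "${out:-none}"
}

for r in "$STRICT" "$LOOSE" "$BROAD"; do
    printf '%s\n  missing: %s\n' "$r" "$(missing_conditions "$r")"
done
```
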



