If conntrack can track the TFTP sessions, then you should be able to filter it using -m state in iptables. iptables -A ... -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A ... -m state --state NEW -p udp --dport 69 -j ACCEPT You can have one rule in INPUT and the other in OUTPUT, or both in FORWARD with different -i and -o interfaces. If you give more details on your current topology, what's the access you want to allow, and what are your current rules, it might be easier to help you accomplish that exactly. HTH, Filipe _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Re: TFP inside firewall
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "CentOS mailing list" <centos@xxxxxxxxxx>
- Subject: Re: Re: TFP inside firewall
- From: "Filipe Brandenburger" <filbranden@xxxxxxxxx>
- Date: Tue, 10 Jun 2008 21:30:22 -0400
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <29e045b80806100115m570fc066tcc5226b896841616@xxxxxxxxxxxxxx>
- References: <29e045b80806090458h35d2d177t2b7939824b978bb5@xxxxxxxxxxxxxx> <29e045b80806100115m570fc066tcc5226b896841616@xxxxxxxxxxxxxx>
- References:
- TFP inside firewall
- From: lingu
- Re: TFP inside firewall
- From: lingu
- TFP inside firewall
- Prev by Date: Re: Apache jserv monitoring?
- Next by Date: RE: School Server Setup
- Previous by thread: Re: TFP inside firewall
- Next by thread: Cluster RPM Installation Failed
- Index(es):
 |