On Fri, Oct 18, 2002 at 08:41:42AM +0200, Stef Coene wrote:
> There is a -m helper option so you can load additional modules. There is a
> module that matches ftp packets (both data and control), but I don't know the
> syntax. A google search on "iptables -m helper ftp" will help
> http://www.netfilter.org/documentation/pomlist/pom-oldnat.html#helper :

Looks like it's been submitted for kernel inclusion with newnat:

http://www.netfilter.org/documentation/pomlist/pom-submitted.html#helper

For now, though, you'll still need to use patch-o-matic to be able to use
this module.

> If you want to match all packets belonging to ftp-sessions:
> (both ftp-command and ftp-data connections)
>
> iptables -A INPUT -m helper --helper ftp -j ACCEPT

You'll also need the ip_conntrack_ftp module to be loaded.

-James
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
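
The dependency noted in the reply above (a `--helper ftp` rule needs `ip_conntrack_ftp` loaded) can be audited from saved rules and the module list. This is an added example, not part of the original thread; the function names and the sample inputs are constructed for illustration, and it assumes helpers are built as modules rather than compiled into the kernel.

```shell
#!/bin/sh
# Added example. Assumption: conntrack helpers are modules named
# ip_conntrack_<helper> (as in the post) or nf_conntrack_<helper> (later kernels);
# a helper compiled into the kernel would not be listed in /proc/modules.

# Succeed if the conntrack module for helper $1 is listed in /proc/modules-style file $2.
module_loaded() {
    awk -v h="$1" '$1 == "ip_conntrack_" h || $1 == "nf_conntrack_" h { found = 1 }
                   END { exit !found }' "$2"
}

# Print each helper name used by "--helper NAME" in iptables-save-style file $1.
helpers_in_rules() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--helper") print $(i + 1) }' "$1" | sort -u
}

# Print "ok NAME" or "missing NAME" per helper; return 1 if any module is missing.
audit_helpers() {
    rc=0
    for h in $(helpers_in_rules "$1"); do
        if module_loaded "$h" "$2"; then
            echo "ok $h"
        else
            echo "missing $h"
            rc=1
        fi
    done
    return "$rc"
}

# Write constructed sample inputs (not captured from a real host) into directory $1.
write_samples() {
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' \
                  '-A INPUT -m helper --helper ftp -j ACCEPT' > "$1/rules"
    printf '%s\n' 'ip_tables 14936 1' 'ip_conntrack 21244 0' > "$1/mods_without"
    printf '%s\n' 'ip_conntrack_ftp 5296 0' 'ip_conntrack 21244 1' > "$1/mods_with"
}

# Demo on the constructed samples.
d=$(mktemp -d)
write_samples "$d"
audit_helpers "$d/rules" "$d/mods_without" || echo "helper rule cannot match yet"
audit_helpers "$d/rules" "$d/mods_with"
rm -rf "$d"
```

On a live host, save the output of `iptables-save` to a file and pass it with `/proc/modules` as the two arguments to `audit_helpers`.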