Phil Oester wrote:
On Mon, Dec 17, 2007 at 10:28:49PM +0100, Jan Engelhardt wrote:
In thinking about this, it seems like a HELPER target would be
useful, for instance if some random FTP server ran on a non-standard
port and we wanted the FTP helper to be used. Something like:
-s X -p 210 -j HELPER --helper ftp
BTW, the helper code is said to already do that (man iptables):
--helper ftp-2121
Actually that's for the helper _match_, so you could for instance
match packets which are part of a helper configured on a non-standard
port via module parameter. So this is different, in that it would
allow you to specify non-standard ports at runtime.
One of the really nice things about this is that it makes helpers
explicit. I never liked the automatic tracking very much since
helpers effectively change your ruleset, and there isn't even a
way to disable them selectively besides blocking connections
completely.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
