On Mon, 28/11/2011 at 18:32 +0100, Eric Leblond wrote:
> Hello,
>
> Pablo Neira Ayuso, Patrick McHardy and I have worked on a document we've
> called "Secure use of iptables and connection tracking helpers".
>
> This is a guide describing how to use securely the connection tracking
> helpers. This is a recommended reading for all Netfilter/Iptables users.
>
> HTML version: http://home.regit.org/netfilter-en/secure-use-of-helpers/
> PDF version:
> http://home.regit.org/wp-content/uploads/2011/11/helper-recommandation.pdf
>
> BR,

There is one thing in the "Using the CT target to refine security" section.
If we use the CT target and pass '0' as ports to nf_conntrack_ftp as
advised in the next section, the helper name would be "ftp-0", not "ftp".

I know that helper module naming is described somewhere, but what if we
could mention it here also?