Hello,

On Saturday, 3 December 2011 at 14:06 +0400, Nikolay S. wrote:
> On Mon, 28/11/2011 at 18:32 +0100, Eric Leblond wrote:
> > Hello,
> >
> > Pablo Neira Ayuso, Patrick McHardy and I have worked on a document we've
> > called "Secure use of iptables and connection tracking helpers".
> >
> > This is a guide describing how to use securely the connection tracking
> > helpers. This is a recommended reading for all Netfilter/Iptables users.
> >
> > HTML version: http://home.regit.org/netfilter-en/secure-use-of-helpers/
> > PDF version:
> > http://home.regit.org/wp-content/uploads/2011/11/helper-recommandation.pdf
> >
> > BR,
>
> There is one thing in "Using the CT target to refine security" section.
> If we use the CT target and pass '0' as ports to nf_conntrack_ftp as
> advised in the next section, the helper name would be "ftp-0", not
> "ftp". I know, that helper module naming is described somewhere, but what
> if we could mention it here also?

Really good catch, I've published an update. Thanks a lot.

BR,
--
Eric