Re: doc: Secure use of iptables and connection tracking helpers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Le samedi 03 décembre 2011 à 14:06 +0400, Nikolay S. a écrit :
> В Пн., 28/11/2011 в 18:32 +0100, Eric Leblond пишет:
> > Hello,
> > 
> > Pablo Neira Ayuso, Patrick McHardy and I have worked on a document we've
> > called "Secure use of iptables and connection tracking helpers".
> > 
> > This is a guide describing how to use securely the connection tracking
> > helpers. This is a recommended reading for all Netfilter/Iptables users.
> > 
> > HTML version: http://home.regit.org/netfilter-en/secure-use-of-helpers/
> > PDF version:
> > http://home.regit.org/wp-content/uploads/2011/11/helper-recommandation.pdf
> > 
> > BR,
> 
> There is one thing in "Using the CT target to refine security" section.
> If we use the CT target and pass '0' as ports to nf_conntrack_ftp as
> advised in the next section, the helper name would be "ftp-0", not
> "ftp". I know, that helper module naming is described somwhere, but what
> if we could mention it here also?

Really good catch, I've published an update.

Thanks a lot.

BR,
--
Eric

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux