Use ip_conntrack_ftp, which is for FTP, and use -m state --state RELATED for FTP related connections.

Other than that, you have to learn more about the ports used by those applications and possibly block their port/protocol.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Leonardo Lombardo [mailto:leo.lombardo@xxxxxxxxxx]
Sent: Monday, June 09, 2003 7:43 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: passive ftp and file sharing

Hi all,
a question for you: how can I set my iptables firewall so that natted LAN users can use ftp in passive mode and have winmx, dc, audiogalaxy, .... blocked?
I've tried out all the scripts/lists of IPs/... I've found on the net, but nothing... The only way I found to block file sharing is to close all ports 800:65535, but this way passive ftp is blocked too.... :((
I'm very much a beginner with iptables, so please be patient...

p.s.: now I use the firewall-jay script to manage iptables.

Thanks to all in advance :)

##############################################
Leonardo Lombardo - leo.lombardo@xxxxxxxxxxxxx
##############################################
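
The approach from the reply at the top of this thread, written out as an added example that is not part of either message: the FTP conntrack helper plus a RELATED rule lets FTP data connections through, so the high port range can stay closed behind a default-deny FORWARD policy. The interface names, LAN range and allowed-port lists are assumptions, and the default-deny policy is a generalization of the "block their port" advice; the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): prints the commands, does not run them.
# All values below are assumptions; override them via the environment.
LAN_IF="${LAN_IF:-eth1}"                  # assumed LAN-facing interface
WAN_IF="${WAN_IF:-eth0}"                  # assumed Internet-facing interface
LAN_NET="${LAN_NET:-192.168.0.0/24}"      # assumed NATed LAN range
ALLOWED_TCP="${ALLOWED_TCP:-21 80 443}"   # 21 is the FTP control channel
ALLOWED_UDP="${ALLOWED_UDP:-53}"          # DNS lookups

ftp_gateway_rules() {
    # The helper parses the FTP control channel and registers the expected
    # data connection, which the state match then classifies as RELATED.
    echo "modprobe ip_conntrack_ftp"

    # Forwarded traffic is dropped unless a rule below accepts it.
    echo "iptables -P FORWARD DROP"

    # Replies to accepted connections, plus connections a helper expects
    # (the FTP data channel on whatever high port the server picked).
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New connections are accepted only to the listed service ports.
    for port in $ALLOWED_TCP; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    for port in $ALLOWED_UDP; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp --dport $port -m state --state NEW -j ACCEPT"
    done

    # Source NAT for the LAN behind the gateway.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
}

ftp_gateway_rules
```

Review the printed commands before applying them as root on the gateway; rule order matters because the state rule must come before any later DROP or REJECT rules in FORWARD.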