RE: passive ftp and file sharing

Use ip_conntrack_ftp, which is for FTP, and use -m state --state RELATED for FTP-related connections.

Other than that, you have to learn more about the ports used by those applications and possibly block their port/protocol.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
 

-----Original Message-----
From: Leonardo Lombardo [mailto:leo.lombardo@xxxxxxxxxx]
Sent: Monday, June 09, 2003 7:43 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: passive ftp and file sharing


Hi all,

a question for you: how can I set my iptables firewall so that NATed LAN
users can use FTP in passive mode and have WinMX, DC, Audiogalaxy, ....
blocked? I've tried out all the scripts/lists of IP/... I've found on
the net but nothing... the only way I found to block file sharing is to
close all ports 800:65535 but this way passive FTP is blocked too.... :((
I'm very much a beginner with iptables so please be patient...

P.S.: I now use the firewall-jay script to manage iptables.

Thanks to all in advance :)
##############################################

Leonardo Lombardo - leo.lombardo@xxxxxxxxxxxxx

##############################################
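
The approach suggested in the reply above, written out as an added example that is not part of either message: a default-deny FORWARD policy in which the FTP conntrack helper marks passive-mode data connections as RELATED, so no high port range has to be opened. The interface names, the allowed-port list, the emit_rules function and the use of ip_nat_ftp (the NAT companion to ip_conntrack_ftp) are assumptions; NAT itself is assumed to be configured elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules by default;
# run with APPLY=1 as root to load them.

LAN_IF=${LAN_IF:-eth1}                   # assumed LAN-facing interface
WAN_IF=${WAN_IF:-eth0}                   # assumed Internet-facing interface
ALLOWED_TCP=${ALLOWED_TCP:-"21 80 443"}  # assumed allowlist; 21 = FTP control

# emit_rules LAN WAN "PORT ..." : write the rule set to stdout (hypothetical helper)
emit_rules() {
    lan=$1; wan=$2; ports=$3
    # FTP helpers: follow the control channel (and rewrite it under NAT) so
    # the data connection it negotiates is classified as RELATED.
    echo "modprobe ip_conntrack_ftp"
    echo "modprobe ip_nat_ftp"
    # Default deny: forwarded traffic passes only if a rule below accepts it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to accepted flows, plus helper-expected flows (passive FTP data).
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New outbound TCP connections only to the allowlisted services.
    for p in $ports; do
        echo "iptables -A FORWARD -i $lan -o $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # DNS lookups from LAN clients.
    echo "iptables -A FORWARD -i $lan -o $wan -p udp --dport 53 -m state --state NEW -j ACCEPT"
}

if [ "${APPLY:-0}" = 1 ]; then
    emit_rules "$LAN_IF" "$WAN_IF" "$ALLOWED_TCP" | sh -e
else
    emit_rules "$LAN_IF" "$WAN_IF" "$ALLOWED_TCP"
fi
```

On current kernels the module is named nf_conntrack_ftp and the helper has to be attached explicitly, for example with `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp`. Port rules do not stop a file-sharing client that connects over one of the allowed ports.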
