I guess my question was is it advisable to only allow active ftp .... ? Or is that just not a reasonable idea ? Or does the Related option make passive "safe" (ie, don't have to open a load of ports). I already had to open just about everything outgoing from my proxy server anyway, so I guess it is not a big deal ... *unless you have a better suggestion for that as well.

Thank you for all of your help.

Peter

----- Original Message -----
From: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, May 27, 2004 4:34 PM
Subject: RE: ftp

> > > .... Thank you for the info. My question now is, will your rule
> > > take care of both passive and active ftp ? I would prefer to just
> > > use active .. But
> >
> > ip_conntrack_ftp does handle both passive and active ftp.
>
> Any thoughts on my last question ?

As far as I see, Antony answered your last question : both passive and active ftp are handled.
Or am I missing something ?

Gr,
Rob