> no--but you need to write scripts like this:
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -p tcp --syn --dport 21 -j ACCEPT
>

Well, I thought the Connection Tracking and NAT Modules *for* FTP did the same.. Correct me if I am wrong.. After all, why are the ALGs necessary, if *user space* iptables rules are still required?

--
Ashutosh Naik
Teneoris Networks India Pvt. Ltd
www.teneoris.com