Re: RELATED connections and the feeling of security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Martijn Lievaart a écrit :
should the ftp-conntrack helper expose arbitrary ports on the originating host? 

Yes it should, for the following two reasons :
1) The host explicitly asked for it over the FTP control connection.
2) The firewall administrator allowed it by loading the FTP conntrack module.
No, not arbitrary ports. The port asked for in the port command should be opened (and it is). 

I took "arbitrary" as "arbitrarily chosen by the host".
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux