On 08.01.2010 17:09, MargoAndTodd wrote:
>>> It is the "--sport $unassgn --dport $unassgn" that is killing me.
>>> How do I restrict the last three to just passive mode ftp?
>>>
>
> On 01/08/2010 02:24 AM, Mart Frauenlob wrote:
>> use the 'helper' match extension. i.e: -m helper --helper ftp.
>> if you need to distinguish between active and passive, you still can use
>> the port and state matches for that.
>
> Can you point me to the directions/manual for the
> "-m helper --helper ftp" so I can figure out what
> exactly it is doing and how to install it?
>
> Many thanks,
> -T

iptables -m helper -h
man iptables
find /lib/modules/ -name '*helper*' -exec modinfo '{}' \;
http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#HELPERMATCH

if your iptables / kernel don't have support for the helper match -> time to upgrade!?

regards

Mart
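
Added example, not part of the thread: a sketch of how the helper match can narrow the "--sport $unassgn --dport $unassgn" rules to passive-mode FTP data connections, plus a check that flags high-port rules lacking the match. Assumptions: the host is the FTP client, $unassgn is 1024:65535, and 192.0.2.10 is a placeholder server address; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumptions: this host is the FTP client; the poster's $unassgn is 1024:65535.
UNASSGN="1024:65535"

# Print (do not apply) client-side rules that permit passive-mode FTP only.
# The helper match matches packets of connections expected by the FTP
# conntrack helper, i.e. the data connections, not the control connection.
# Passive mode: the client opens the data connection, so RELATED is allowed
# only in OUTPUT. Active mode would need RELATED in INPUT, which is omitted.
passive_ftp_rules() {
    srv="$1"
    cat <<EOF
iptables -A OUTPUT -p tcp -d $srv --sport $UNASSGN --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s $srv --sport 21 --dport $UNASSGN -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d $srv --sport $UNASSGN --dport $UNASSGN -m helper --helper ftp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s $srv --sport $UNASSGN --dport $UNASSGN -m helper --helper ftp -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Read rule lines on stdin and print every ACCEPT rule that opens the whole
# unassigned range on both ends without the helper match, which is the
# over-broad pattern the question describes.
audit_rules() {
    grep -F -e '-j ACCEPT' \
        | grep -F -e "--sport $UNASSGN" \
        | grep -F -e "--dport $UNASSGN" \
        | grep -v -F -e '-m helper --helper' || true
}

# Print the rules for the placeholder server (override with SERVER=...).
passive_ftp_rules "${SERVER:-192.0.2.10}"
```

The helper match only sees data connections when the FTP conntrack helper module (nf_conntrack_ftp on current kernels) is loaded and tracking the control connection; the find/modinfo command in the reply shows which helper modules a kernel ships.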