Tomek L wrote:
> I agree on source port issue, but I don't think that in case of TLS
> there is nothing that can be done with FTP helper. Still we can assume
> that just after TLS AUTH negotiation, client will connect on high port
> with new connection to server. Now we are in situation, where if TLS
> is used, high ports on server side must be open all the time.

IMO, it is not much better to open all passive ports to any host which has established a connection to port 21 regardless of whether a PASV/EPSV command was acknowledged by the server.