Re: nf_conntrack_helper replacement?

On 12/20/22 11:41, Reindl Harald wrote:
> iptables-nft -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp


What do I need to alter on my ftp tables to get this
to work?  Do I remove "-m conntrack"?


$tbls -A dsl-out -o $eth1 -p tcp -s $eth1_addr --sport $unassgn --dport ftp -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

$tbls-nft -A dsl-in -i $eth1 -p tcp ! --syn --sport ftp -d $eth1_addr --dport $unassgn -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

$tbls-nft -A dsl-for -i $eth1 -p tcp ! --syn --sport ftp -d $internal_net --dport $unassgn -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

$tbls-nft -A dsl-out -o $eth1 -p tcp -s $eth1_addr -d $ANY_IP -m helper --helper ftp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

$tbls-nft -A dsl-in -i $eth1 -p tcp ! --syn -s $ANY_IP -d $eth1_addr -m helper --helper ftp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

$tbls-nft -A dsl-for -i $eth1 -p tcp ! --syn -s $ANY_IP -d $internal_net -m helper --helper ftp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT



