huhu.

is there a possibility to limit the access for clients to defined hosts/IPs? some ftp-servers (e.g. "ProFTPD", http://www.proftpd.org) allow apache-style directives like

    <Limit LOGIN>
    Order deny,allow
    Deny from .evil.net
    Allow from all
    </Limit>

to deny access from *.evil.net but allow all others.

if using the following topology:

    Internet          <------->  Firewall with ftp-proxy  <------->  ftp-server
    (abuse.evil.net)
    194.12.34.5                  192.168.0.1                         192.168.0.2

...the ftp-server "thinks" the client is the ftp-proxy ("192.168.0.1") and the access-limitations above don't work (e.g. I'm not able to filter all connections from the domain "abuse.evil.net").

are there any solutions? I miss something like

    DenyConnections *.evil.net, bill-gates.com, 207.46.230.220
    AllowConnections *.suse.de

in the "ftp-proxy.conf" file.

-- Michael

On Mon, Apr 15, 2002 at 02:04:59PM +0200, Michael Schams wrote:
> huhu.

Hi!

> is there a possibility to limit the access for clients to defined hosts/IPs? some ftp-servers (e.g. "ProFTPD", http://www.proftpd.org) allow apache-style directives like
>
>     <Limit LOGIN>
>     Order deny,allow
>     Deny from .evil.net
>     Allow from all
>     </Limit>

Use "TCPWrapper yes" in ftp-proxy.conf

in /etc/hosts.allow:

    ftp-proxy: .evil.net: DENY

If you have more than one proxy running, you can set the name as well, i.e. "TCPWrapperName ftp-intern".

> are there any solutions? I miss something like
>
>     DenyConnections *.evil.net, bill-gates.com, 207.46.230.220
>     AllowConnections *.suse.de
>
> in the "ftp-proxy.conf" file.

RTFMP: ftp-proxy.conf(5), hosts_access(5).
Gruesse,
Marius Tomaschewski
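
How rules of this kind are evaluated at the proxy, as an added example (not code from this thread or from ftp-proxy): a simplified Python model of hosts_access(5) first-match evaluation, with the wish list from the question written as constructed hosts.allow rules. It handles only domain-suffix, address-prefix, exact and ALL patterns (no netmasks or IPv6), and the client addresses other than those in the thread are made up.

```python
# Simplified model of hosts_access(5) matching for one daemon name.
# The rule text below is constructed sample data, not taken from a real host.
HOSTS_ALLOW = """\
ftp-proxy: .suse.de
ftp-proxy: .evil.net bill-gates.com 207.46.230.220: DENY
"""
HOSTS_DENY = ""   # empty: anything not matched above is granted


def pattern_matches(pattern, host, addr):
    """Match one client pattern against the client's hostname and IP."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix, e.g. .evil.net
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # address prefix, e.g. 192.168.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr


def first_match(table, daemon, host, addr):
    """Return the option ('ALLOW', 'DENY' or '') of the first matching
    rule, or None when no rule matches."""
    for line in table.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].split()
        clients = fields[1].replace(",", " ").split()
        option = fields[2].upper() if len(fields) > 2 else ""
        if daemon in daemons or "ALL" in daemons:
            if any(pattern_matches(p, host, addr) for p in clients):
                return option
    return None


def access_granted(daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny, else grant."""
    verdict = first_match(HOSTS_ALLOW, daemon, host, addr)
    if verdict is not None:
        return verdict != "DENY"
    return first_match(HOSTS_DENY, daemon, host, addr) is None
```

Hostname patterns such as `.evil.net` are compared with the name the client's address resolves to, so a client whose address has no such name is only caught by an address pattern.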