http://bugzilla.novell.com/show_bug.cgi?id=561647
http://bugzilla.novell.com/show_bug.cgi?id=561647#c1
Jozef Uhliarik changed:
What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |CLOSED
Resolution|        |INVALID
--- Comment #1 from Jozef Uhliarik 2010-02-09 16:01:39 UTC ---
I would like to inform you that there also exists a YaST module for FTP. There
you can open port 21 in SuSEfirewall2.
Select Expert Settings -> checkbox "Open port in Firewall". There is an
exception for a defined passive port range. If you define a passive port range,
it is not opened in the firewall.
The checkbox "Open port in Firewall" opens only port 21:
SuSEfirewall2 debug | grep ftp
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
iptables -A input_ext -m limit --limit 3/minute -j LOG --log-level warning
--log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp
--dport ftp --syn
iptables -A input_ext -j ACCEPT -p tcp --dport ftp
iptables -A input_ext -m limit --limit 3/minute -j LOG --log-level warning
--log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp
--dport ftp-data --syn
iptables -A input_ext -j ACCEPT -p tcp --dport ftp-data
ip6tables -A input_ext -m limit --limit 3/minute -j LOG --log-level warning
--log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp
--dport ftp --syn
ip6tables -A input_ext -j ACCEPT -p tcp --dport ftp
ip6tables -A input_ext -m limit --limit 3/minute -j LOG --log-level warning
--log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp
--dport ftp-data --syn
ip6tables -A input_ext -j ACCEPT -p tcp --dport ftp-data
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set
have a nice day