Mailinglist Archive: opensuse (2575 mails)

Re: [opensuse] Manual Netfilter (IPTables) using ip_conntrack_ftp and ip_nat_ftp
  • From: David Haller <opensuse@xxxxxxxxxx>
  • Date: Tue, 10 Feb 2009 19:13:30 +0100
  • Message-id: <20090210181330.GB6133@xxxxxxxxxxxxxxxxxx>
Hello,

On Tue, 10 Feb 2009, LLLActive@xxxxxxx wrote:
> # FTP
> for p_ftp in $plist_ftp; do
>     # use these rules for every port in $plist_ftp
>     iptables -A FORWARD -i $IF_INT -o $IF_EXT -p TCP -s $NET_INT -d $NET_ALL --sport $p_high --dport $p_ftp -m state --state NEW,ESTABLISHED -j ACCEPT
>     iptables -A FORWARD -i $IF_EXT -o $IF_INT -p TCP -s $NET_ALL -d $NET_INT --sport $p_ftp --dport $p_high -m state --state ESTABLISHED -j ACCEPT
> done

Try with conntrack and '-m state --state [NEW,]RELATED,ESTABLISHED'.

HTH,
-dnh

--
Love your enemies: they'll go crazy trying to figure out what you're up
to. -- BSD fortune file
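
One way to apply the suggestion above, as an added example that is not part of the original message: the control-connection rules from the quoted script stay as they are, and two extra rules admit the FTP data connections that the conntrack helper marks RELATED. The interface names, networks and port values are constructed samples, the `IPT`/`MODPROBE` dry-run switches are hypothetical, and restricting the data rules with `-m helper --helper ftp` is a choice made here, not something stated in the thread.

```shell
#!/bin/sh
# Constructed sample values; variable names follow the quoted script.
IF_INT=eth1; IF_EXT=eth0
NET_INT=192.168.1.0/24; NET_ALL=0.0.0.0/0
p_high=1024:65535
plist_ftp="21"

# Hypothetical dry-run switches: by default commands are printed, not run.
# Run as root with IPT=iptables MODPROBE=modprobe to apply them.
IPT=${IPT:-echo iptables}
MODPROBE=${MODPROBE:-echo modprobe}

ftp_forward_rules() {
    # Helper modules named in the thread subject (nf_conntrack_ftp and
    # nf_nat_ftp on later kernels). They read PORT/PASV on the control
    # channel so the matching data connection is tracked as RELATED.
    $MODPROBE ip_conntrack_ftp
    $MODPROBE ip_nat_ftp

    for p_ftp in $plist_ftp; do
        # Control connection: only the inside may open it (NEW).
        $IPT -A FORWARD -i "$IF_INT" -o "$IF_EXT" -p tcp \
            -s "$NET_INT" -d "$NET_ALL" --sport "$p_high" --dport "$p_ftp" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPT -A FORWARD -i "$IF_EXT" -o "$IF_INT" -p tcp \
            -s "$NET_ALL" -d "$NET_INT" --sport "$p_ftp" --dport "$p_high" \
            -m state --state ESTABLISHED -j ACCEPT
    done

    # Data connections (active or passive): ports are negotiated, so no
    # port match and no NEW. Only flows the ftp helper expected pass.
    $IPT -A FORWARD -i "$IF_INT" -o "$IF_EXT" -p tcp \
        -s "$NET_INT" -d "$NET_ALL" -m helper --helper ftp \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$IF_EXT" -o "$IF_INT" -p tcp \
        -s "$NET_ALL" -d "$NET_INT" -m helper --helper ftp \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

ftp_forward_rules
```

On current kernels automatic helper assignment is disabled by default, so the control connection additionally needs an explicit helper assignment (for example a `CT --helper ftp` rule in the `raw` table) before any flow is classified RELATED.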
