Hi,

On Mon, May 21, Philipp Snizek wrote:
But why do you want to change it? It is not advisable. Maybe you should reconfigure your firewall so that Squid does the http, https and pasv ftp job for you. Doing so, you can save some of the rule set and make it a more secure firewall. You could also configure Bind as a caching DNS, making it kind of a DNS proxy. Then you would only have smtp, pop3 and all the rest you need left, making it an easy job to configure.
Maybe Hasi's patches for dynamic FTP PORT firewall rules are what you're looking for: http://www.suse.de/~mha/index-next.html

"For Linux kernel 2.2.x. This patch introduces automatically created, kernel maintained, dynamic firewall rules for firewalling FTP connections. It allows active FTP data connections without opening the firewall, by scanning for the PORT command in FTP command connections and creating a dynamic (i.e. it times out eventually - default 3 minutes, if unused) firewall rule for the data connection. See the README for what it does. People have reported that it works very well for them."
Philipp

Hubert Mantel
Goodbye, dots...
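The mechanism the quoted patch description outlines (scan the FTP command connection for PORT, create a rule for the data connection that times out after 3 minutes), as an added user-space sketch that is not Hasi's patch code. All function and struct names are hypothetical, and the two policy checks (the announced address must be the client's own, the port must be unprivileged) are assumptions added here, not something the page says the patch does.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>
#define RULE_TTL  180   /* seconds: the 3-minute default quoted above */
#define MAX_RULES 16
/* Hypothetical rule table; names are illustrative, not taken from the patch. */
static struct dyn_rule { uint32_t ip; uint16_t port; long expires; } rules[MAX_RULES];
/* Strictly parse "PORT h1,h2,h3,h4,p1,p2" (RFC 959); returns 0 on success. */
int parse_port(const char *s, uint32_t *ip, uint16_t *port) {
    unsigned v[6] = {0};
    if (strncasecmp(s, "PORT ", 5) != 0) return -1;
    s += 5;
    for (int i = 0; i < 6; i++) {
        int digits;
        for (digits = 0; *s >= '0' && *s <= '9' && digits < 3; digits++)
            v[i] = v[i] * 10 + (unsigned)(*s++ - '0');
        if (digits == 0 || v[i] > 255) return -1;
        if (i < 5 && *s++ != ',') return -1;
    }
    if (*s != '\0' && *s != '\r' && *s != '\n') return -1;
    *ip = (v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}
/* Called for each control-channel line; returns 1 if a rule was created. */
int on_control_line(uint32_t client_ip, const char *line, long now) {
    uint32_t ip; uint16_t port;
    if (parse_port(line, &ip, &port) != 0) return 0;
    /* Assumed policy: data address is the client itself, port unprivileged. */
    if (ip != client_ip || port < 1024) return 0;
    for (int i = 0; i < MAX_RULES; i++)
        if (rules[i].expires <= now) {      /* free or timed-out slot */
            rules[i] = (struct dyn_rule){ ip, port, now + RULE_TTL };
            return 1;
        }
    return 0;                               /* table full: fail closed */
}
/* Is an inbound data connection to ip:port covered by a live rule? */
int data_allowed(uint32_t ip, uint16_t port, long now) {
    for (int i = 0; i < MAX_RULES; i++)
        if (rules[i].expires > now && rules[i].ip == ip && rules[i].port == port)
            return 1;
    return 0;
}
int main(void) {   /* constructed client 192.0.2.5 announcing port 19*256+137 = 5001 */
    int ok = on_control_line(0xC0000205u, "PORT 192,0,2,5,19,137\r\n", 100);
    printf("rule=%d data=%d\n", ok, data_allowed(0xC0000205u, 5001, 150));
    return 0;
}
```

Time is passed in as `now` (seconds) so the expiry behaviour can be exercised deterministically.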