Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Re: [suse-security] Re: SuSEfirewall2 and Active ftp
  • From: Ian David Laws <ian@xxxxxxxxxxxxxxxx>
  • Date: Fri, 18 Jul 2003 15:47:30 +0200
  • Message-id: <200307181547.43093.ian@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
On Friday 18 July 2003 13:55, Stefan Andreas Tichy wrote:
> On Fri, Jul 18, 2003 at 01:08:49AM +0200, Steffen Dettmer wrote:
> > I do not understand why this allows masqueraded clients to access
> > active FTP resources. Well, without masq I think the "RELEATED"
> > option of iptables does the trick.
>
> It does ( if ip_conntrack_ftp is loaded )
>
>
> Active FTP may go beyond the scope of the SuSEfirewall2 tool. It's
> just an assumption. I never used SuSEfirewall2.
> Is it an option for you to use iptables without that SuSE tool?
Why do you not take a look at Shorewall you can mix iptable commands with
simple easy type rules. You can find it at http://www.shorewall.net/

Ian
- --
A child of five would understand this.
Send someone to fetch a child of five.
Groucho Marx

- ----------------------------------------------------
This mail has been scanned for virus by
AntiVir for UNIX
Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH.
PGP ID: 589F8449
Fingerprint: EB1C FACF 6BEB 540E 8AC0 F04E 2A25 A2F1 589F 8449
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/F/p+KiWi8VifhEkRAqQuAKCgTMvWZV1XYKcTSAQFFsxplmrsdACfWLMS
fQCKTxOG0+WUi7p7O3oqEP0=
=N4al
-----END PGP SIGNATURE-----


< Previous Next >