On 2011-05-01 11:14, Dimstar / Dominique Leuenberger wrote:
> On Sun, 2011-05-01 at 03:32 +0200, Carlos E. R. wrote:
>> What is sport,dport? There is no example there for ftp :-(
>
> sport = Source Port
> dport = Destination Port.

Ah, destination. I wonder... do they have to match both, or any of them? I mean, is the condition ANDed or ORed? I'm thinking the rule might be:

  192.168.1.0/24,tcp,ftp,ftp
  192.168.1.0/24,tcp,ftp-data,ftp-data

I'll try that tomorrow.

> Are you using TLS over FTP? Then the entire conntracking does not work (the PORT command is transmitted encrypted, the kernel doesn't see it and can't open the respective ports).

No, just plain ftp. If I want protection, I use ssh/sftp, far easier to configure. Right now, it is just for my education, I don't need to use it right now. The question arose in the forum, and I realized I do not know how to do it. I had it working some time ago, with a setting that opened all high ports that has disappeared from the distro. Or a list of 10 ports. At least now I have it working in passive mode.

> What I have in my FW config (sorry, iptables.. but you can translate this to your setup)

Ha, ha. :-) I'm not that good.

-- 
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)
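
The point quoted above about FTP over TLS, as an added illustration that is not part of the original message and is not the kernel's helper code: a simplified Python model of the control-channel lines a connection-tracking helper has to read (formats from RFC 959 and RFC 2428) to learn which data port to allow. The function name and the sample traffic are assumptions constructed for this example.

```python
import re

# Simplified model of what an FTP connection-tracking helper has to read on
# the plaintext control channel (port 21) to learn the data-connection port.
# Formats are from RFC 959 (PORT, 227) and RFC 2428 (EPRT, 229).
_PORT = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")
_PASV = re.compile(rb"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
_EPRT = re.compile(rb"^EPRT \|([12])\|([0-9A-Fa-f.:]+)\|(\d+)\|\r\n$")
_EPSV = re.compile(rb"^229 .*\(\|\|\|(\d+)\|\)")


def expected_data_endpoint(line: bytes):
    """Return (mode, host, port) announced by one control-channel line,
    or None when the line carries no readable data-port announcement."""
    for mode, rx in (("active", _PORT), ("passive", _PASV)):
        m = rx.match(line)
        if m:
            nums = [int(x) for x in m.groups()]
            if any(n > 255 for n in nums):
                return None  # malformed octet: do not open anything
            host = ".".join(str(n) for n in nums[:4])
            return mode, host, nums[4] * 256 + nums[5]
    m = _EPRT.match(line)
    if m:
        port = int(m.group(3))
        return ("active", m.group(2).decode(), port) if 0 < port < 65536 else None
    m = _EPSV.match(line)
    if m:
        port = int(m.group(1))
        # EPSV replies carry only the port; the host is the server itself.
        return ("passive", None, port) if 0 < port < 65536 else None
    return None


# Constructed sample traffic (addresses and ports are made up).
PLAIN_ACTIVE = b"PORT 192,168,1,20,195,80\r\n"
PLAIN_PASSIVE = b"227 Entering Passive Mode (192,168,1,1,117,48).\r\n"
# After AUTH TLS the same command travels inside a TLS record: the helper
# sees a record header (0x17 = application data) followed by ciphertext.
# The 32 payload bytes here are constructed filler, not real ciphertext.
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(32))

if __name__ == "__main__":
    for sample in (PLAIN_ACTIVE, PLAIN_PASSIVE, TLS_RECORD):
        print(expected_data_endpoint(sample))
```

With the plaintext lines the data port is recoverable (p1*256+p2); with the TLS record nothing is, so no expectation for the data connection can be created and the data ports have to be allowed by a static rule instead.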