Date: Wed, 29 Mar 2000 16:49:05 -0800 (PST)
From: Allan Saddi <asaddi@philosophysw.com>
To: Alan Batie <batie@rdrop.com>
Cc: Pierre Chiu <pccb@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: FTP with firewall rules
Message-ID: <Pine.BSF.4.21.0003291642540.78004-100000@web2.sea.nwserv.com>
In-Reply-To: <20000329095845.54716@rdrop.com>

On Wed, 29 Mar 2000, Alan Batie wrote:

> ...To do active mode ftp properly, ipfw would need to parse the
> contents of the packets on the ftp control channel and dynamically allow
> the corresponding incoming connection. There's no indication that this
> parsing capability is present.

Interestingly enough, sometime back, Eivind Eklund added a feature to
allow libalias(3) to "punch holes" in an ipfw-based firewall. The code is
apparently still there.

Unfortunately, it seems like neither natd nor ppp take advantage of this
feature. (Currently, there's no way to turn it on.) It would be a
seemingly trivial modification... but maybe there's some reason why it was
never incorporated into natd/ppp?

-- 
Allan Saddi
asaddi@philosophysw.com
http://www.philosophysw.com/asaddi/

"The Earth is the cradle of mankind, but we cannot live in the cradle
forever." - K.E. Tsiolkovsky
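
The control-channel parsing discussed in this message, as an added example that is not part of the original e-mail and is not libalias or ipfw code: it reads an RFC 959 `PORT` line and decides which single incoming data connection a firewall could allow. The function names, the sample addresses, the port-20 source assumption and the rule string are illustrative assumptions.

```python
import ipaddress
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" announces where the client listens for data.
_PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
                      re.IGNORECASE)

def parse_port_command(line):
    """Return (ip, port) from an FTP PORT line, or None if it is malformed."""
    m = _PORT_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port

def pinhole_for(line, client_ip, server_ip, min_port=1024):
    """Return (src, sport, dst, dport) for the one data connection to allow.

    Returns None unless the PORT target is the control-channel client itself
    and the port is unprivileged, so a forged PORT line cannot open a hole to
    another internal host or to a service port.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    ip, port = parsed
    if ipaddress.ip_address(ip) != ipaddress.ip_address(client_ip):
        return None
    if port < min_port:
        return None
    # Assumption: the server opens the data connection from port 20 (ftp-data).
    return (server_ip, 20, ip, port)

def as_ipfw_rule(hole):
    """Render the hole as an ipfw-style rule body (illustrative only)."""
    src, sport, dst, dport = hole
    return f"allow tcp from {src} {sport} to {dst} {dport} setup"

if __name__ == "__main__":
    # Constructed sample: client 192.168.1.10 talking to server 203.0.113.5.
    hole = pinhole_for("PORT 192,168,1,10,19,137\r\n", "192.168.1.10", "203.0.113.5")
    print(as_ipfw_rule(hole))
```

A real implementation would also remove the hole once the data connection closes or a timeout passes.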