Date:      Fri, 31 Mar 2000 10:12:37 -0700 (MST)
From:      Paul Hart <hart@iserver.com>
To:        Alan Batie <batie@rdrop.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: FTP with firewall rules
Message-ID:  <Pine.BSF.4.21.0003311002120.3529-100000@anchovy.orem.iserver.com>
In-Reply-To: <20000329095845.54716@rdrop.com>

On Wed, 29 Mar 2000, Alan Batie wrote:

> To do active mode ftp properly, ipfw would need to parse the contents
> of the packets on the ftp control channel and dynamically allow the
> corresponding incoming connection.  There's no indication that this
> parsing capability is present.

I know we're talking about IPFW here, but hasn't IP Filter (also included
with FreeBSD) been supporting this very operation for quite a while now?  
Is there a reason why people would try to hack up IPFW to get it to do
something when IP Filter already does it?

The version of IP Filter bundled with FreeBSD has historically lagged the
latest releases, so check out:

    http://coombs.anu.edu.au/~avalon/

for the newest release.  I've been using IP Filter for some time and I've
found it to be an excellent piece of software.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/
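
Added example (not part of the original message, and not IP Filter's or IPFW's code): a minimal sketch of the control-channel parsing the quoted paragraph describes, reading an RFC 959 `PORT` command and deciding whether the matching incoming data connection should be allowed. The function names, the sample address, and the two policy checks (announced address must be the control connection's own client, port must be 1024 or higher) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>

/* Data endpoint announced by "PORT h1,h2,h3,h4,p1,p2" (RFC 959). */
struct ftp_port { uint32_t addr; uint16_t port; };

/* Read 1-3 decimal digits and advance *p past them; -1 if none or > 255. */
static int parse_byte(const char **p, unsigned *out)
{
    unsigned v = 0, n = 0;
    while (n < 3 && **p >= '0' && **p <= '9') { v = v * 10 + (unsigned)(*(*p)++ - '0'); n++; }
    *out = v;
    return (n >= 1 && v <= 255) ? 0 : -1;
}

/* Parse one control-channel line: 0 for a well-formed PORT command, else -1. */
int parse_port_cmd(const char *line, struct ftp_port *out)
{
    unsigned v[6];
    if (strncasecmp(line, "PORT ", 5) != 0) return -1;
    const char *p = line + 5;
    for (int i = 0; i < 6; i++) {
        if (parse_byte(&p, &v[i]) != 0) return -1;
        if (i < 5 && *p++ != ',') return -1;
    }
    if (*p == '\r') p++;
    if (*p == '\n') p++;
    if (*p != '\0') return -1;              /* reject trailing junk after p2 */
    out->addr = v[0] << 24 | v[1] << 16 | v[2] << 8 | v[3];
    out->port = (uint16_t)(v[4] << 8 | v[5]);
    return 0;
}

/* Example policy (an assumption, not IP Filter's): permit the data connection
 * only to the control connection's own client and only on a port >= 1024. */
int allow_data_conn(const char *line, uint32_t ctl_client, struct ftp_port *pin)
{
    if (parse_port_cmd(line, pin) != 0) return 0;
    return pin->addr == ctl_client && pin->port >= 1024;
}

int main(void)
{
    struct ftp_port pin;  /* line and client 198.51.100.7 are constructed samples */
    if (allow_data_conn("PORT 198,51,100,7,19,137\r\n", 0xC6336407u, &pin))
        printf("pinhole: server port 20 -> client port %u\n", (unsigned)pin.port);
    return 0;
}
```

A stateless rule set has nothing equivalent to `allow_data_conn`, so it must either permit all inbound connections from port 20 or break active mode.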


