Date: Thu, 11 Oct 2001 10:24:32 -0500
From: Will Andrews <will@physics.purdue.edu>
To: Rob Simmons <rsimmons@wlcg.com>
Cc: Allen Landsidel <all@biosys.net>, freebsd-security@FreeBSD.ORG, Brock Kreiser <root63@earthlink.net>
Subject: Re: firewall
Message-ID: <20011011102432.B57251@squall.waterspout.com>
In-Reply-To: <20011011100410.G7007-100000@mail.wlcg.com>
References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> <20011011100410.G7007-100000@mail.wlcg.com>

On Thu, Oct 11, 2001 at 10:06:39AM -0400, Rob Simmons wrote:
> Passive FTP requires a larger hole in the firewall than active does. You
> must open port 21 as well as ports > 1024. Not good.
>
> If you use ipfilter and are keeping state, you only need the one pass in
> rule for port 21. The state tables take care of the rest.

Er, you have that backwards. Passive FTP requires a SMALLER hole because
it doesn't require ports > 1024 like active does.

--
wca
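
Added illustration, not part of the original message: a Python sketch that reads the FTP control-channel lines that set up a data connection (the client's PORT command in active mode, the server's 227 reply in passive mode) and reports which side initiates the connection and which port has to accept it. The addresses and control lines are constructed samples, and the function names are this example's own.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from the host-port field of PORT or a 227 reply."""
    m = HOSTPORT.search(text)
    if m is None:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_flow(line, client_ip, server_ip):
    """Describe the data connection one control line announces, else None."""
    line = line.strip()
    if line[:5].upper() == "PORT ":
        # Active mode: the client listens, the server connects to it.
        ip, port = parse_hostport(line[5:])
        return {"mode": "active", "initiator": server_ip,
                "listener": ip, "port": port}
    if line.startswith("227"):
        # Passive mode: the server listens, the client connects to it.
        ip, port = parse_hostport(line[3:])
        return {"mode": "passive", "initiator": client_ip,
                "listener": ip, "port": port}
    return None

def flows(lines, client_ip, server_ip):
    """Collect every announced data connection from a control-channel log."""
    found = (data_flow(l, client_ip, server_ip) for l in lines)
    return [f for f in found if f is not None]

# Constructed sample session (documentation address ranges).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",
    "200 PORT command successful",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,156,64)",
]

if __name__ == "__main__":
    for f in flows(SAMPLE, CLIENT, SERVER):
        print("%(mode)-7s %(initiator)s -> %(listener)s:%(port)d" % f)
```

A stateful filter that tracks the control connection on port 21 can read these same fields to admit only the announced data connection.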