Date: Mon, 14 Feb 2005 09:15:11 +0100 From: Giulio Ferro <auryn@zirakzigil.org> To: freebsd-ipfw@freebsd.org Subject: ftp, cvsup, etc... Message-ID: <42105E0F.30204@zirakzigil.org>
next in thread | raw e-mail | index | archive | help
Hassn't anybody thought yet of a way to manage thoso protocols which dynamically open more passive connections when the the first connection is established, like ftp or cvsup. Now you are forced to keep high ports open (let's say 20000-65535) to allow for dynamic connections, but I think that is a less than optimal solution. I would be great if ipfw actually "understood" those protocols and open up ports as need requires. A linked question is: doesn't anybody else think that protocol inspection would be a very desirable feature in ipfw? Maybe together with a virus scan for client-side code (activex, plugin, applet, etc...) Bye.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42105E0F.30204>