[Gllug] ftp / iptables

Paul Brazier pbrazier at cosmos-uk.co.uk
Tue Oct 30 11:12:06 UTC 2001


> have you done 
> insmod ip_conntrack_ftp 
> or otherwise made sure your kernel can do ftp connection tracking ?

I'm testing this on a Mandrake 8.0 box which I think has all the
iptables/netfilter modules automatically installed.
I think it normally complains if the modules aren't present when you
create the rules but I'll double-check this.
 
> I do this similarly (accept all established/related - and new
> connections to the specific service)
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -m state --state NEW -i ppp0  -p TCP \
> --dport ftp -j ACCEPT
> 
> adding a log entry can help see what is happening - moving it around in
> the script (or having several entries can help too)
> 
> iptables -A block -j LOG --log-prefix " some-prefix "

I'll look into this logging more closely I think.
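
Added example (not part of the original message or thread): a dry-run sketch of the approach quoted above, checking for the FTP conntrack helper and placing LOG rules at two points in the block chain. The log prefixes, function names and the WAN_IF variable are assumptions, and the chain named block is assumed to exist already.

```shell
#!/bin/sh
# Added example: dry-run builder for the "block" chain quoted in this message.
# Prefix strings, function names and WAN_IF are constructed for illustration.

WAN_IF="${WAN_IF:-ppp0}"

# Return 0 if an FTP connection-tracking helper is listed in a
# /proc/modules-style file. ip_conntrack_ftp is the name used in this thread;
# nf_conntrack_ftp is the name on later kernels.
ftp_helper_loaded() {
    grep -Eq '^(ip|nf)_conntrack_ftp[[:space:]]' "${1:-/proc/modules}"
}

# Print the rules in order. A LOG rule does not end chain traversal, so each
# one records only the packets that no earlier rule has accepted:
#   first prefix  = everything that is not ESTABLISHED/RELATED
#   second prefix = everything that also failed the NEW-to-ftp rule
# FTP data connections showing up under both prefixes mean they were not
# classified as RELATED, i.e. the helper is not tracking them.
block_chain_rules() {
    cat <<EOF
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -j LOG --log-prefix "blk-not-tracked: "
iptables -A block -m state --state NEW -i $WAN_IF -p TCP --dport ftp -j ACCEPT
iptables -A block -j LOG --log-prefix "blk-unmatched: "
EOF
}

# Count the lines carrying a given prefix in a saved kernel log file.
count_prefix() {
    grep -cF -- "$1" "$2"
}

# Only touch the live firewall when explicitly asked: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    ftp_helper_loaded || modprobe ip_conntrack_ftp || exit 1
    block_chain_rules | sh
fi
```

Without the apply argument the script changes nothing; call block_chain_rules to review the rule order first.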
