[Gllug] Iptables Continued
Sean Burlington
sean at uncertainty.org.uk
Mon Feb 14 18:53:19 UTC 2005
Mick Farmer wrote:
> Dear GLLUGers,
>
> I'm continuing to fight iptables and have now come across
> this problem. I'm allowing FTP out of my box, and this
> works as follows, for ftp-control (port 21).
>
> -A OUTPUT -p tcp --dport ftp -m state --state NEW -j ACCEPT
>
> That's fine. I was expecting the following rule to work for
> the latest ftp-data (not port 20).
>
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
It should work, but you need to have the following module loaded:
ip_conntrack_ftp
--
Sean
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
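A check for the two conditions discussed in this thread, added here as an example and not part of either poster's message: the FTP conntrack helper is loaded, and the INPUT chain accepts `RELATED` traffic. The function names and the sample module list are constructed for illustration; accepting `nf_conntrack_ftp` (the helper's name on later kernels) is an addition beyond the thread.

```shell
# Constructed sample of /proc/modules content (not from the thread).
SAMPLE_MODULES='ip_conntrack_ftp 71632 0 - Live 0xe0a5c000
ip_conntrack 42200 2 ip_conntrack_ftp,ipt_state, Live 0xe0a2b000
ipt_state 1920 2 - Live 0xe09f1000'

# The two rules quoted in the thread.
SAMPLE_RULES='-A OUTPUT -p tcp --dport ftp -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# has_ftp_helper MODULES_TEXT: succeeds if the FTP conntrack helper is listed.
# A helper compiled into the kernel does not appear in /proc/modules.
has_ftp_helper() {
    printf '%s\n' "$1" | awk '
        $1 == "ip_conntrack_ftp" || $1 == "nf_conntrack_ftp" { found = 1 }
        END { exit !found }'
}

# accepts_related RULES_TEXT CHAIN: succeeds if CHAIN has an ACCEPT rule
# whose --state list contains RELATED (other match options are ignored).
accepts_related() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == "-A" && $2 == chain {
            state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--state") state = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && ("," state ",") ~ /,RELATED,/) ok = 1
        }
        END { exit !ok }'
}

# ftp_data_check MODULES_TEXT RULES_TEXT: returns 0 only if both hold.
ftp_data_check() {
    if ! has_ftp_helper "$1"; then
        echo "helper missing: load it with 'modprobe ip_conntrack_ftp'"
        return 1
    fi
    if ! accepts_related "$2" INPUT; then
        echo "no INPUT rule accepts --state RELATED"
        return 2
    fi
    echo "ok: FTP data connections can match RELATED"
}

# Live use (as root): ftp_data_check "$(cat /proc/modules)" "$(iptables-save)"
```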