Re: ftp table

by Mark Chong <mark@[EMAIL PROTECTED] > Jul 3, 2008 at 02:30 AM

Sathyainkara, please reply to the mailing list address and not the
individual who sent a message.

Sathyainkara Balendra wrote:
> But if I disable this line, it gives me the following:
> ftp> ls
> 200 PORT command successful.
> 425 Can't build data connection: Operation timed out
> ftp>
>
>
> --- On Wed, 2/7/08, Mark Chong <mark@[EMAIL PROTECTED]> wrote:
>
>     From: Mark Chong <mark@[EMAIL PROTECTED]>
>     Subject: Re: ftp table
>     To: sathyainkara.balendra@[EMAIL PROTECTED]
>     Cc: "debian firewall" <debian-firewall@[EMAIL PROTECTED]>
>     Date: Wednesday, 2 July, 2008, 8:02 AM
>
>     -A INPUT -p tcp -s 212.74.114.60 --sport 20:21 -m state --state NEW -j ACCEPT
>
>     this rule allows for that machine to make ANY connections to your machine
>
>     if you only want to make it so you can connect to it and on ftp, then
>     you only need the output rule
>
>     also just FYI, just because you're connecting to a machine on port 20 or
>     21 does not mean you HAVE to talk ftp to that machine, same goes for any
>     ports
>     for example, if you had a rule blocking all outgoing traffic except for
>     port 80, that would mean a user could connect to a remote machine over ssh if
>     the remote machine had an ssh server listening on that port.
>
>
>     Sathyainkara Balendra wrote:
>     > Thanks for your helpful answers.
>     > I am using the following settings now and it works:
>     > #FTP-TABLE
>     > *filter
>     >
>     > :INPUT DROP [0:0]
>     > :FORWARD DROP [0:0]
>     > :OUTPUT DROP [0:0]
>     >
>     > -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>     > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>     >
>     > -A INPUT -p tcp -s 212.74.114.60 --sport 20:21 -m state --state NEW -j ACCEPT
>     > -A OUTPUT -p tcp -d 212.74.114.60 --dport 20:21 -m state --state NEW -j ACCEPT
>     >
>     > ###################################################################
>     >
>     > COMMIT

-- 
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]
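
An added example, not part of the original thread: a small audit over the rule set quoted above that flags the kind of INPUT rule Mark describes, one that accepts NEW inbound connections filtered only by source address and source port, with no destination-port limit. The function names are hypothetical, the rule set is re-typed from the thread as sample input, and only the `-m state --state` match used in the thread is handled.

```python
import shlex

# Constructed sample: the rule set quoted in this thread, in iptables-restore format.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 212.74.114.60 --sport 20:21 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -d 212.74.114.60 --dport 20:21 -m state --state NEW -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into {'chain': ..., option: value}."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1]}
    i = 2
    while i < len(tokens):
        key = tokens[i]
        # An option takes a value unless the next token is another option.
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            rule[key] = tokens[i + 1]
            i += 2
        else:
            rule[key] = True
            i += 1
    return rule

def audit_inbound_new(ruleset):
    """Return INPUT ACCEPT rules that match --state NEW and carry no --dport."""
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # skip table name, chain policies, comments, COMMIT
        r = parse_rule(line)
        states = str(r.get("--state", "")).split(",")
        if (r["chain"] == "INPUT" and r.get("-j") == "ACCEPT"
                and "NEW" in states and "--dport" not in r):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in audit_inbound_new(RULESET):
        print("no --dport on inbound NEW accept:", rule)
```

Run against the thread's rule set, it reports only the `--sport 20:21` INPUT rule; the ESTABLISHED,RELATED rules and the OUTPUT rule pass.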

 



