On Tue, May 08, 2007 at 02:11:33PM +0200, Franck Joncourt wrote:
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

As a host-based filter I would not use RELATED (and maybe not established) at all. You should limit the FTP server's data-port bind range and allow that, for the ftp user. Limit ftp-bounce connections (no outgoing ftp data to a privileged port) and then you are fine.

Regards
Bernd
--
  (OO)     -- [EMAIL PROTECTED] --
 ( .. )    [EMAIL PROTECTED],linux.de,debian.org}  http://www.eckes.org/
  o--o     1024D/E383CD7E  [EMAIL PROTECTED]  v:+497211603874  f:+49721151516129
(O____O)   When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
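
One way to write the rules this reply describes, as an added example that is not part of the original mail. The passive range 50000:50100, the account name `ftp` as owner of the data sockets, and the function names are assumptions; the chains are assumed to drop everything else by policy.

```shell
#!/bin/sh
# Added example, not from the original mail. Constructed defaults:
#   PASV_RANGE must equal the passive port range set in the FTP daemon's config.
#   FTP_USER is the account assumed to own the data sockets; set it empty if
#   the daemon opens them under another uid.
# Dry run by default (prints the commands); as root, run with IPT=iptables.
IPT="${IPT:-echo iptables}"
PASV_RANGE="${PASV_RANGE:-50000:50100}"
FTP_USER="${FTP_USER-ftp}"

# Succeeds only for LOW:HIGH with 1024 <= LOW <= HIGH <= 65535.
check_range() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|"") return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

ftp_host_rules() {
    if ! check_range "$PASV_RANGE"; then
        echo "passive range must be LOW:HIGH within 1024-65535: $PASV_RANGE" >&2
        return 1
    fi
    owner=""
    if [ -n "$FTP_USER" ]; then
        owner="-m owner --uid-owner $FTP_USER"   # owner match works in OUTPUT only
    fi
    # Replies only. RELATED is left out, so the FTP conntrack helper opens nothing.
    # ICMP errors are RELATED too: allow the types you need (path MTU) separately.
    $IPT -A INPUT  -m state --state ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
    # New inbound connections: control channel and the fixed passive data range.
    $IPT -A INPUT -p tcp --syn --dport 21 -j ACCEPT
    $IPT -A INPUT -p tcp --syn --dport "$PASV_RANGE" -j ACCEPT
    # Active-mode data: from port 20 to unprivileged client ports only, so a
    # PORT command naming a privileged port (FTP bounce) never leaves the host.
    $IPT -A OUTPUT -p tcp --syn --sport 20 --dport 1024:65535 $owner -j ACCEPT
}

ftp_host_rules
```
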

