Thomas Winter <thomas.win...@alliedtelesis.co.nz> wrote:
> Hello,
>
> We are using netfilter to implement a firewall for a router and we had the
> problem that the ftp data connections were not being logged.
> I did some investigating and found that it is conntrack that is allowing the
> secondary connection by the ftp helper module.
> I created a patch to enable such logging for any conntrack helper.
> Is this a good change? Or did I miss something really obvious?

It should be possible to log the data connections via

  -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j (NF)LOG