Request for help: Debian firewall, and maybe some kernel upgrade tips

Gerald Combs gerald at ethereal.com
Fri Apr 15 10:30:13 CDT 2005


Jack wrote:

> Correct me if I'm wrong, but the simple firewall rules
> posted earlier would effectively break ftp. Wouldn't
> the unprivileged ports also be blocked? Wouldn't you
> need to specifically allow the unprivileged ports for
> either active or passive ftp? Wouldn't you need to
> allow outbound ports also? I don't remember all the
> rules posted, but I would think that the default rule
> would be to drop inbound and outbound unused ports. 

AFAIK, the firewall rules that Chris posted permit all outbound traffic.
 Assuming that you're firewalling the client and not the server, this
would allow passive FTP connections since they originate from the
client.  To allow active connections in from the server to the client
you'd have to enable some sort of connection traffic.
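
The passive/active difference described above, as an added example that is not part of the original message: a toy model of a client-side filter that permits all outbound traffic and drops unsolicited inbound traffic. The addresses, ports, class and function names are constructed, and the FTP helper that watches the PORT command is an assumption of this example (one common way to admit the active-mode data connection), not something the thread specifies.

```python
from dataclasses import dataclass

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed documentation addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class ClientFirewall:
    """Permit all outbound; accept inbound only for tracked or expected flows."""
    def __init__(self, ftp_helper=False):
        self.ftp_helper = ftp_helper
        self.established = set()   # flows the client itself opened
        self.expected = set()      # (server, client_port) learned from a PORT command

    def outbound(self, pkt):
        self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def see_port_command(self, server, client_port):
        # Assumed helper: reads the cleartext control channel and records
        # the port the client asked the server to connect back to.
        if self.ftp_helper:
            self.expected.add((server, client_port))

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
            return "ACCEPT"        # reply on a client-originated flow
        if (pkt.src, pkt.dport) in self.expected:
            return "ACCEPT"        # data connection related to the control channel
        return "DROP"              # unsolicited inbound connection

def passive_ftp(fw):
    fw.outbound(Packet(CLIENT, 40000, SERVER, 21))             # control channel
    return fw.outbound(Packet(CLIENT, 40001, SERVER, 50000))   # client opens data channel

def active_ftp(fw):
    fw.outbound(Packet(CLIENT, 40000, SERVER, 21))             # control channel
    fw.see_port_command(SERVER, 40002)                         # client sent PORT ...,40002
    return fw.inbound(Packet(SERVER, 20, CLIENT, 40002))       # server connects back

if __name__ == "__main__":
    print("passive, no helper:", passive_ftp(ClientFirewall()))
    print("active, no helper: ", active_ftp(ClientFirewall()))
    print("active, with helper:", active_ftp(ClientFirewall(ftp_helper=True)))
```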


