Active FTP through IPFILTER

Andrej Bojda bojda at centrum.sk
Fri Nov 7 10:44:31 CET 2003


How do I configure IPFILTER so that I can use an FTP client in
active mode?

This is my ruleset:
vi /etc/ipf.rules

# start of rules:

block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short

pass in quick on lo0 all
pass out quick on lo0 all

pass out quick on rl0 all keep state head 100
block in quick on rl0 all head 200

block out quick from 127.0.0.0/8 to any group 100
block out quick from any to 127.0.0.0/8 group 100
block out quick from any to 195.113.7.47/32 group 100

block in quick from 195.113.7.47/32 to any group 200
block in quick from 127.0.0.0/8 to any group 200

# attackers
block in quick from 66.78.35.29/32 to any group 200
block in quick from 195.117.146.253/32 to any group 200
block in quick from 212.235.75.248/32 to any group 200
block in quick from 66.255.143.99/32 to any group 200
block in quick from 210.39.43.132/32 to any group 200
block in quick from 195.110.81.50/32 to any group 200

pass in quick proto tcp from 195.113.7.48/32 to any port = 22 keep state group 200

block return-rst in quick proto tcp all group 200
block return-icmp-as-dest(port-unr) in quick on rl0 proto udp all group 200


Thanks for the advice.

Andrej
