From: Andy Furniss
Date: Wed, 12 May 2004 07:53:39 +0000
Subject: Re: [LARTC] ip_conntrack_ftp
Message-Id: <40A1D803.8050900@dsl.pipex.com>
References: <20040511012222.6c12892f@vr>
In-Reply-To: <20040511012222.6c12892f@vr>
To: lartc@vger.kernel.org

raptor wrote:
> yep my config is very similar i.e. :
>
> iptables -N block
> iptables -A block -i $ifInt0 -j ACCEPT
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -j DROP
>
> iptables -A INPUT -i $ifWan0 -j services
> iptables -A FORWARD -i $ifWan0 -j services
> iptables -A INPUT -j block
> iptables -A FORWARD -j block
>
> I also added this (do I really need it in my config? I'm allowing everything from inside anyway):
>
> iptables -A block -m state --state NEW ! -i $ifWan0 -j ACCEPT
>
> after ESTABLISHED,RELATED, but still can do active FTP.
>
> "services" is for giving access to well-known services...
> I'm not using NAT.

I am not sure what's wrong. Are you running an FTP server or just trying to access one on the internet from behind the firewall?

Andy.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
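Added example, not part of the thread above and not code from the LARTC project or from either poster: a user-space model of what the ip_conntrack_ftp helper (nf_conntrack_ftp on current kernels) has to do for the ruleset quoted above to let active FTP through. The helper reads the control channel (TCP/21), picks out PORT/EPRT commands from the client and 227/229 replies from the server, and registers an "expectation" for the data connection; the first SYN matching that expectation is then classified RELATED by `-m state` instead of NEW. The function and class names, the client address 192.168.1.10 and the server address 198.51.100.5, and the control-channel lines are all constructed for the example.

```python
"""Model of the FTP conntrack helper: control-channel parsing -> expectation.

Constructed example. Mirrors the helper's approach (including the default
loose=0 rule that refuses an address differing from the speaker's own
address) but does not touch netfilter.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Patterns the helper looks for on the control channel.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPRT_RE = re.compile(r"^EPRT \|1\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d{1,5})\|\s*$")
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")


@dataclass(frozen=True)
class Expectation:
    """A data connection the helper expects; the SYN that matches it is RELATED."""
    mode: str    # "active": server opens it towards the client; "passive": client towards server
    src: str     # address that will originate the data connection
    dst: str     # address that will receive it
    dport: int   # destination port announced on the control channel


def _addr_port(groups) -> tuple:
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and 227."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def expect_data_conn(line: str, from_client: bool, client_ip: str,
                     server_ip: str, loose: bool = False) -> Optional[Expectation]:
    """Parse one control-channel line and return the expectation it creates.

    from_client=True for client->server commands (PORT/EPRT), False for
    server replies (227/229). With loose=False an advertised address that
    is not the speaker's own address is ignored, so a peer cannot use the
    control channel to get RELATED acceptance for a third host.
    """
    line = line.rstrip("\r\n")
    if from_client:
        m = PORT_RE.match(line)
        if m:
            ip, port = _addr_port(m.groups())
        else:
            m = EPRT_RE.match(line)
            if not m:
                return None
            ip, port = m.group(1), int(m.group(2))
        if ip != client_ip and not loose:
            return None
        if not 0 < port < 65536:
            return None
        # Active mode: the server will connect (classically from port 20) to the client.
        return Expectation("active", server_ip, ip, port)

    m = PASV_RE.match(line)
    if m:
        ip, port = _addr_port(m.groups())
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None
        ip, port = server_ip, int(m.group(1))   # EPSV carries only the port
    if ip != server_ip and not loose:
        return None
    if not 0 < port < 65536:
        return None
    # Passive mode: the client will connect to the server's announced port.
    return Expectation("passive", client_ip, ip, port)


def classify_syn(src_ip: str, dst_ip: str, dport: int,
                 expectations: Iterable[Expectation]) -> str:
    """State `-m state` would assign to a fresh TCP SYN: RELATED if a helper
    expectation matches, otherwise NEW (which the quoted block chain drops
    when it arrives on $ifWan0)."""
    for e in expectations:
        if e.src == src_ip and e.dst == dst_ip and e.dport == dport:
            return "RELATED"
    return "NEW"


if __name__ == "__main__":
    client, server = "192.168.1.10", "198.51.100.5"
    exp = expect_data_conn("PORT 192,168,1,10,4,1\r\n", True, client, server)
    print(exp)
    print("with helper:   ", classify_syn(server, client, 1025, [exp]))
    print("without helper:", classify_syn(server, client, 1025, []))
```

Run it with the helper model in place and the server's inbound SYN to 192.168.1.10:1025 is RELATED, so the `ESTABLISHED,RELATED` rule in the quoted block chain accepts it; take the expectation away (the module not loaded, or the control connection not tracked) and the same SYN is NEW on $ifWan0, falls through `services` and is dropped. Passive transfers never show the problem because the client opens the data connection from $ifInt0, which the first rule of the chain accepts regardless of state. Two caveats for anyone applying this: the real helper only sees the control channel if the control connection itself is tracked by the time PORT is sent, and on kernels from 4.7 onwards automatic helper assignment is off by default, so the helper has to be attached to port 21 traffic explicitly with a `-t raw ... -p tcp --dport 21 -j CT --helper ftp` rule.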