From mboxrd@z Thu Jan 1 00:00:00 1970
From: James Sneeringer
Date: Fri, 18 Oct 2002 17:42:42 +0000
Subject: Re: [LARTC] why dont packets go where i want?
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Fri, Oct 18, 2002 at 08:41:42AM +0200, Stef Coene wrote:
> There is a -m helper option so you can load additional modules. There is a
> module that matches ftp packets (both data and control), but I don't know the
> syntax. A google search on "iptables -m helper ftp" will help
> http://www.netfilter.org/documentation/pomlist/pom-oldnat.html#helper :

Looks like it's been submitted for kernel inclusion with newnat:

http://www.netfilter.org/documentation/pomlist/pom-submitted.html#helper

For now, though, you'll still need to use patch-o-matic to be able to
use this module.

> If you want to match all packets belonging to ftp-sessions:
> (both ftp-command and ftp-data connections)
>
> iptables -A INPUT -m helper --helper ftp -j ACCEPT

You'll also need the ip_conntrack_ftp module to be loaded.

-James
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/