From: Abraham van der Merwe <abz@frogfoot.net>
To: lartc@vger.kernel.org
Subject: [LARTC] matching ftp - how?
Date: Wed, 12 Mar 2003 14:18:25 +0000
Message-ID: <marc-lartc-104747890714929@msgid-missing>
Hi!
If I have the ftp connection tracking module compiled in, how do I match ftp
packets? (I know ftp connections are tracked, but I want to match them to count
the traffic / shape it, etc.)
You can obviously match active and passive ftp traffic as follows:
iptables -A FORWARD -s $net -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED
iptables -A FORWARD -d $net -p tcp --sport 21 -m state --state ESTABLISHED,RELATED
and for active ftp:
iptables -A FORWARD -s $net -p tcp --dport 20 -m state --state ESTABLISHED
iptables -A FORWARD -d $net -p tcp --sport 20 -m state --state ESTABLISHED,RELATED
and for passive ftp:
iptables -A FORWARD -s $net -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -d $net -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED
where $net is the network which is making the connection.
The problem is that the passive ftp rules will also match traffic from other
protocols which use ports higher than 1024. Is there no way I can match
traffic which is matched by a certain connection tracking module (and only
that module), e.g.
iptables -A FORWARD -s $net -m conntrack --proto ftp
iptables -A FORWARD -s $net -m conntrack --proto irc
iptables -A FORWARD -s $net -m conntrack --proto h323
etc.
--
Regards
Abraham
I'm having BEAUTIFUL THOUGHTS about the INSIPID WIVES of smug and
wealthy CORPORATE LAWYERS ...
___________________________________________________
Abraham vd Merwe - Frogfoot Networks CC
9 Kinnaird Court, 33 Main Street, Newlands, 7700
Phone: +27 21 686 1674 Cell: +27 82 565 4451
Http: http://www.frogfoot.net/ Email: abz@frogfoot.net
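One way to get the per-helper match the post asks for, as an added example that is not part of the original thread: instead of the over-broad "--sport 1024: --dport 1024:" rules, the data channels are matched by the conntrack helper that created them. It assumes the kernel's nf_conntrack_ftp helper, the iptables "helper" match and the CT target are available; the network and the script name are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): count/shape FTP traffic
# for a network by matching the ftp conntrack helper, not a port range.
# Assumes nf_conntrack_ftp, "-m helper" and "-j CT --helper" exist.

# Print the iptables commands for the network given as $1 (dry run).
ftp_rules() {
    net="$1"
    echo "modprobe nf_conntrack_ftp"
    # Assign the ftp helper explicitly: current kernels no longer pick a
    # helper by port automatically (nf_conntrack_helper=0), so do it in raw.
    echo "iptables -t raw -A PREROUTING -s $net -p tcp --dport 21 -j CT --helper ftp"
    # Control channel, both directions (same as the rules in the post).
    echo "iptables -A FORWARD -s $net -p tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED"
    echo "iptables -A FORWARD -d $net -p tcp --sport 21 -m conntrack --ctstate ESTABLISHED"
    # Data channels, active and passive alike: the helper match only hits
    # connections whose master was tracked by the ftp helper, whatever
    # ports they use, so unrelated high-port traffic is not counted.
    echo "iptables -A FORWARD -s $net -m helper --helper ftp"
    echo "iptables -A FORWARD -d $net -m helper --helper ftp"
}

# Number of commands generated (handy for a sanity check before applying).
count_rules() {
    ftp_rules "$1" | wc -l | tr -d ' '
}

# Usage: ./ftp-rules.sh 10.0.0.0/24        -> print the commands
#        ./ftp-rules.sh 10.0.0.0/24 apply  -> run them (needs root)
if [ -n "$1" ]; then
    if [ "$2" = "apply" ]; then
        ftp_rules "$1" | sh -e
    else
        ftp_rules "$1"
    fi
fi
```

The rules still carry no -j target, so, as in the post, they only count; append -j CLASSIFY or -j MARK to hand the matched packets to a tc class.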