Re: fully transparent ftp-proxy?

On Wed, Oct 30, 2002 at 10:52:28PM +0000, Roy Badami wrote:
> An imperfect kernel FTP proxy (as provided by iptables or ipfilter) is
> surely still better than nothing when firewalling an FTP server.
no it's not. again, you don't get the security implications. ftp connection
tracking in the kernel is just plain wrong. please read about the recent
problems wrt this in ipfilter and the linux packages.