[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fully transparent ftp-proxy?



When all you have is a hammer, everything looks like a nail:
> I understand the security implications.  I agree that FTP should be
> handled in user space.  I want a solution that can be used to firewall
> FTP servers.  I was proposing that this should be done in userspace,
> and musing on what level of kernel support such a solution would
> require.
You have a solution. ftp-proxy + reverse diff. (If you don't see the
need for the reverse diff, you're obviously not thinking of both
active and passive connections). Firewalling is achievable.
As far as I can tell, your complaint is logging, which can surely
be handled by the ftp-proxy. It can do all sorts of logging. 
Feed them back to your loghost via a rotate script, or syslog.
But at this point, I no longer see what problem you're trying to solve.
-kj