
Re: passive ftp rules

On Mon, Dec 16, 2002 at 09:47:41AM -0700, Duncan Matthew Stirling wrote:

> Please show me any example of a passive firewall rule set.

block in on $ext_if all
pass out on $ext_if all keep state

Passive mode ftp means that the ftp data connections are opened from the
clients to the servers (as compared to active mode, which is the other
way around).

The rule set depends on where the clients and the servers are, relative
to the firewall, and in which directions you want to allow passive ftp,
and whether you're running NAT. Take a look at ftp-proxy(8), which
contains further explanations of ftp modes and example rules.

And if you want a more specific answer, we'll need more specific
questions :)
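
One concrete case of the situation the reply describes, as an added example that is not part of the original message: a pf.conf for an ftp server behind the firewall, without NAT, accepting passive ftp from outside clients. The interface name, server address and passive port range are assumptions, and the port range has to match what the ftp daemon is configured to hand out.

```pf
# Added example, not from the original post. All values below are constructed.
ext_if     = "fxp0"          # assumed name of the external interface
ftp_server = "192.0.2.10"    # assumed server address (documentation range)
pasv_ports = "49152:65535"   # assumed passive data port range set on the ftp daemon

# Default: drop everything arriving on the external interface.
block in on $ext_if all

# Outbound connections and their replies. For clients on the inside this
# already covers passive ftp, because in passive mode both the control and
# the data connection are opened by the client.
pass out on $ext_if all keep state

# Inbound control connection from outside clients to the server.
pass in on $ext_if proto tcp from any to $ftp_server port 21 keep state

# Inbound passive data connections. The server picks the port and announces
# it on the control connection, so the whole configured range must be
# reachable. Keep the range as narrow as the daemon allows, and open it
# only towards the ftp server, never towards "any".
pass in on $ext_if proto tcp from any to $ftp_server port $pasv_ports keep state
```

The rule set can be checked for syntax without loading it with `pfctl -nf` followed by the file name.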