Forwarding FTP ports
Whit Blauvelt
whit@transpect.com
Fri, 21 Dec 2001 16:36:58 -0500
On Fri, Dec 21, 2001 at 04:28:53PM -0500, Whit Blauvelt wrote:
> I was wrong in how I labelled my rules.
Hmm. No I wasn't.
> Your protection is to be sure that it's just ESTABLISHED or RELATED
> traffic that goes across. Otherwise you really are just opening up fairly
> wide.
And my practical experience is that RELATED is enough for the passive
high-port stuff, while ESTABLISHED,RELATED is the requirement for the port
20 active stuff. (Not sure why.) Then, if the underlying firewall code is
good, I think you're pretty tight. Someone please jump in if I'm wrong.
Whit
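
As an added illustration, not part of the original post: a toy Python model of how a connection tracker with an FTP helper labels packets, showing where RELATED and ESTABLISHED come from on active (port 20) and passive data connections. The class, addresses and ports are constructed for this example, and the model is simplified (expectations match on destination address and port only).

```python
import re

class Conntrack:
    """Toy connection tracker with an FTP helper (simplified, constructed model)."""
    def __init__(self):
        self.conns = {}      # (src, sport, dst, dport) -> {"expected", "replied"}
        self.expect = set()  # (ip, port) announced on the FTP control channel

    def ftp_helper(self, line):
        """Register an expectation from a PORT command or a 227 reply."""
        m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
        if m and line.startswith(("PORT", "227")):
            n = [int(x) for x in m.groups()]
            self.expect.add((".".join(map(str, n[:4])), n[4] * 256 + n[5]))

    def classify(self, src, sport, dst, dport):
        """Return the state a packet would match: NEW, RELATED or ESTABLISHED."""
        key, rkey = (src, sport, dst, dport), (dst, dport, src, sport)
        if rkey in self.conns:               # reply direction of a tracked flow
            self.conns[rkey]["replied"] = True
            return "ESTABLISHED"
        if key not in self.conns:            # first packet of a flow
            expected = (dst, dport) in self.expect
            self.expect.discard((dst, dport))
            self.conns[key] = {"expected": expected, "replied": False}
        c = self.conns[key]
        if c["replied"]:
            return "ESTABLISHED"
        return "RELATED" if c["expected"] else "NEW"

def demo():
    C, S = "192.0.2.10", "198.51.100.5"      # constructed client and server
    ct, out = Conntrack(), {}
    # Control channel: client to server port 21, then the server's reply.
    out["control"] = [ct.classify(C, 40000, S, 21), ct.classify(S, 21, C, 40000)]
    # Active mode: client announces port 50000, server connects from port 20.
    ct.ftp_helper("PORT 192,0,2,10,195,80")
    out["active"] = [ct.classify(S, 20, C, 50000),
                     ct.classify(C, 50000, S, 20),
                     ct.classify(S, 20, C, 50000)]
    # Passive mode: server announces port 60000, client connects to it.
    ct.ftp_helper("227 Entering Passive Mode (198,51,100,5,234,96)")
    out["passive"] = [ct.classify(C, 40001, S, 60000),
                      ct.classify(S, 60000, C, 40001),
                      ct.classify(C, 40001, S, 60000)]
    # A high-port connection that was never announced on the control channel.
    out["unannounced"] = [ct.classify(C, 40002, S, 60001)]
    return out

if __name__ == "__main__":
    for name, states in demo().items():
        print(name, states)
```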