[luau] Iptables firewall question

Warren Togami warren at togami.com
Fri Jan 10 20:16:01 PST 2003


Vince Hoang wrote:
> 
> My memory must be failing. Looking back at my homebrew iptables
> script, it _does_ use ip_conntrack_ftp and RELATED flags for ftp.
> (I also use ip_local_port_range to reduce the ephemeral port
> range and accept ftp only from a small range of addresses.)
> 
> I do feel more comfortable about a firewall if it did not have to
> protect an ftp server. A less schizophrenic protocol such as http
> requires a single pair of src/dst ip/port. I can trust the state
> established by that protocol more than that of ftp by several
> orders of magnitude.
> 
> -Vince

Perhaps things would be better if everyone used stateless and
lower-overhead file transfer protocols like rsync.  It doesn't have ugly
port usage like the FTP protocol, and it saves bandwidth too.

Warren
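
Added example, not part of the original thread and not the kernel's code: a sketch of the payload parsing a connection tracker needs before it can mark an FTP data connection as RELATED, whereas an HTTP flow is fully described by one src/dst ip/port pair. The function name and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Data-channel announcements on the FTP control channel:
# RFC 959 PORT command and 227 reply, RFC 2428 229 (EPSV) reply.
_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(r"^PORT " + _HOSTPORT + r"\s*$")
_PASV_REPLY = re.compile(r"^227 .*?" + _HOSTPORT)
_EPSV_REPLY = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")


def _decode(groups):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); None if a field exceeds 255."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_flow(line, client_ip, server_ip):
    """Return the (src_ip, dst_ip, dst_port) a tracker would treat as RELATED,
    or None if this control-channel line announces no data connection."""
    m = _PORT_CMD.match(line)
    if m:  # active mode: the server connects back to the client
        dec = _decode(m.groups())
        # Accept only the control-channel peer's own address.
        if dec is None or dec[0] != client_ip:
            return None
        return (server_ip, client_ip, dec[1])
    m = _PASV_REPLY.match(line)
    if m:  # passive mode: the client opens a second connection to the server
        dec = _decode(m.groups())
        if dec is None or dec[0] != server_ip:
            return None
        return (client_ip, server_ip, dec[1])
    m = _EPSV_REPLY.match(line)
    if m:  # extended passive mode carries only a port
        port = int(m.group(2))
        return (client_ip, server_ip, port) if 0 < port < 65536 else None
    return None


if __name__ == "__main__":
    # Constructed control-channel lines (documentation address range).
    for sample in ("PORT 192,0,2,55,4,1", "227 Entering Passive Mode (192,0,2,10,195,80)"):
        print(sample, "->", expected_data_flow(sample, "192.0.2.55", "192.0.2.10"))
```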



