[lug] FTP question.

Lance Jones lj at colorado-research.com
Fri Aug 10 08:48:40 MDT 2001


> Unless you have full control over the clients, your ability to limit port
> ranges will be limited to modifications of the ftpd source code.  Here
> again, I must be a little confused.

Wu-ftp allows you to limit the port ranges quite easily.  Add a line similar
to:
  passive ports 0.0.0.0/0 32768 32968

in the file /etc/ftpaccess.  man ftpaccess for more info of course.  This is a
useful facility if you depend on static access lists for firewall security.
"Stateful" inspection of packets (as in 2.4 kernels?) might accommodate a more
elegant solution than this.

lj
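
Added example (not part of the original post): one way to keep a static access list in step with the "passive ports" lines in /etc/ftpaccess, by generating one firewall rule per valid line. The iptables rule syntax, the INPUT chain, the function names and the sample file contents are assumptions; rules are printed, not applied.

```shell
#!/bin/sh
# Added example: print static firewall rules matching wu-ftpd "passive ports" lines.
# Rules are only printed; iptables syntax and the INPUT chain are assumptions.

# Constructed sample ftpaccess fragment (the first passive line is the one in the post).
sample_ftpaccess() {
    cat <<'EOF'
# constructed sample
class all real,guest,anonymous *
passive ports 0.0.0.0/0 32768 32968
passive ports 192.0.2.0/24 50000 50100
passive ports 10.0.0.0/8 40000 30000
passive ports 10.0.0.0/8 40000 eighty
EOF
}

# True if $1 is a decimal TCP port number (1-65535).
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reads ftpaccess text on stdin; writes one rule per valid line to stdout
# and a "skipped" note per rejected line to stderr.
passive_rules() {
    while read -r kw1 kw2 cidr min max rest; do
        [ "$kw1" = "passive" ] && [ "$kw2" = "ports" ] || continue
        # Only digits, dots and a slash may reach the generated rule text.
        case "$cidr" in
            ''|*[!0-9./]*) echo "skipped (bad cidr): $cidr" >&2; continue ;;
        esac
        if ! is_port "$min" || ! is_port "$max" || [ "$min" -gt "$max" ]; then
            echo "skipped (bad range): $cidr $min $max" >&2
            continue
        fi
        # Source match mirrors the cidr the daemon applies to the control connection.
        echo "iptables -A INPUT -p tcp -s $cidr --dport ${min}:${max} -j ACCEPT"
    done
    return 0
}

sample_ftpaccess | passive_rules
```

Lines with an inverted or non-numeric range are reported on stderr instead of producing a rule, so a typo in ftpaccess does not silently widen or break the access list.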
