[lug] FTP question.
Lance Jones
lj at colorado-research.com
Fri Aug 10 08:48:40 MDT 2001
> Unless you have full control over the clients, your ability to limit port
> ranges will be limited to modifications of the ftpd source code. Here
> again, I must be a little confused.
Wu-ftp allows you to limit the port ranges quite easily. Add a line similar
to:
passive ports 0.0.0.0/0 32768 32968
in the file /etc/ftpaccess. man ftpaccess for more info of course. This is a
useful facility if you depend on static access lists for firewall security.
"Stateful" inspection of packets (as in 2.4 kernels?) might accommodate a more
elegant solution than this.
lj
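
Added example, not part of the original message: a Python sketch that reads the "passive ports" directives out of an ftpaccess file and derives the matching static firewall rules, so that the daemon's passive range and the access list cannot drift apart. The sample file contents, the server address 192.0.2.10, the function names and the use of iptables on a 2.4 kernel are assumptions made for illustration; only the "passive ports" line comes from the post.

```python
import ipaddress

# Constructed sample of /etc/ftpaccess. Only the "passive ports" line is
# taken from the post; the other lines are filler for the parser to skip.
SAMPLE_FTPACCESS = """\
# constructed sample
class all real,guest,anonymous *
passive ports 0.0.0.0/0 32768 32968
"""

def parse_passive_ports(text):
    """Return [(client_network, min_port, max_port)] for each directive."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # comment line
        fields = raw.split()
        if fields[:2] != ["passive", "ports"]:
            continue  # some other ftpaccess directive, or a blank line
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: want 'passive ports <cidr> <min> <max>'")
        net = ipaddress.ip_network(fields[2], strict=False)
        lo, hi = int(fields[3]), int(fields[4])
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"line {lineno}: bad port range {lo}-{hi}")
        ranges.append((net, lo, hi))
    return ranges

def static_acl(ranges, server_ip):
    """One stateless inbound rule per range (iptables syntax is an assumption)."""
    return [
        f"iptables -A INPUT -p tcp -s {net} -d {server_ip} --dport {lo}:{hi} -j ACCEPT"
        for net, lo, hi in ranges
    ]

def data_port_allowed(ranges, client_ip, port):
    """True if a passive data connection from client_ip to port fits the config."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net and lo <= port <= hi for net, lo, hi in ranges)

if __name__ == "__main__":
    parsed = parse_passive_ports(SAMPLE_FTPACCESS)
    for rule in static_acl(parsed, "192.0.2.10"):  # hypothetical server address
        print(rule)
```

The narrower the range in ftpaccess, the fewer high ports the static list has to leave open; the control connection on port 21 still needs its own rule.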