[LARTC] Marking ftp inbound traffic is impossible ?
Dimitris Kotsonis
jnk@pwn.emphyrio.org
Sat, 08 Jan 2005 11:48:18 +0200
ngo giang wrote:
> Hello,
>
> I searched the LARTC mailing list archives. Everyone discussed
> marking outbound ftp traffic. I could not find any thread that
> discussed marking inbound ftp traffic.
>
> With inbound ftp traffic, we don't know the random ports specified by
> ftp servers in passive mode?
>
> So marking inbound ftp traffic is impossible ?
>
> If it is possible, can you tell me,
>
> Thanks in advance,
>
> nhgiang
Use CONNMARK and owner match. For example, to mark incoming and outgoing
packets of vsftpd with fwmark 12 use the following ...
# restore the connection's saved mark onto locally generated packets
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# mark packets sent by the vsftpd process
iptables -t mangle -A OUTPUT -m owner --cmd-owner vsftpd -j MARK --set-mark 12
# save the packet mark back to the connection so replies can be matched
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
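As an added example (not part of the original reply), the shell script below generates the same CONNMARK/owner rule set for any local FTP daemon and mark, and adds the PREROUTING restore rule that puts the saved mark onto the inbound packets of those connections, which is the part the question asks about. The daemon name, the mark value and the --apply flag are assumptions of this example; nothing is passed to iptables unless --apply is given.

```shell
#!/bin/sh
# Added example, not from the original post.
# Builds the mangle rules that mark both directions of a local FTP
# daemon's connections (control and passive data) via CONNMARK.
# Assumptions: daemon command name and fwmark are given as arguments;
# the kernel has the owner match with --cmd-owner (older 2.4/2.6 trees)
# and the ftp conntrack helper loaded so passive data connections are
# tracked at all.

# valid_fwmark MARK: succeed only for a positive decimal integer
valid_fwmark() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ]
}

# ftp_connmark_rules DAEMON MARK: print the iptables commands, one per line
ftp_connmark_rules() {
  daemon="$1"
  mark="$2"
  valid_fwmark "$mark" || return 1
  [ -n "$daemon" ] || return 1
  cat <<EOF
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m owner --cmd-owner $daemon -j MARK --set-mark $mark
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
EOF
}

# rule_count DAEMON MARK: number of rules that would be installed
rule_count() {
  ftp_connmark_rules "$1" "$2" | wc -l | tr -d ' '
}

# Usage: ./ftp-connmark.sh vsftpd 12          (dry run, prints the rules)
#        ./ftp-connmark.sh vsftpd 12 --apply  (runs them, needs root)
if [ "$#" -ge 2 ]; then
  if [ "$3" = "--apply" ] && command -v iptables >/dev/null 2>&1; then
    ftp_connmark_rules "$1" "$2" | sh
  else
    ftp_connmark_rules "$1" "$2"
  fi
fi
```

The OUTPUT rules mark every packet the daemon process emits, on the control connection and on each passive data connection alike, and save that mark to the conntrack entry; the PREROUTING restore rule then stamps every later inbound packet of those connections with the same mark, so an ingress shaper can match it without knowing the negotiated port. The one packet that cannot be marked this way is the client's opening SYN of a passive data connection, since the daemon has not yet sent anything on that connection when it arrives.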