[LARTC] passive FTP traffic control
Ethy H. Brito
ethy.brito at inexo.com.br
Fri Nov 11 16:20:16 CET 2005
Hi All
How to classify packets belonging to an FTP session?
The port 21 session is easy, but what about data transfers? Their port numbers
(both) are above 1024.
I was thinking about ip_conntrack_ftp. Something like:
  iptables -t mangle -A FORWARD -p tcp --sport 1024: --dport 1024: \
    -m state --state ESTABLISHED,RELATED -j CLASSIFY --set-class X:Y
But what if I also have ip_conntrack_irc, for instance? IRC packets will also
be directed to the X:Y class since they are RELATED packets.
How to make sure that only FTP RELATED packets will be CLASSIFY'ed?
--
Ethy H. Brito
InterNexo Ltda.
+55 (12) 3941-6860
S.J.Campos - Brasil
ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
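
Added example, not part of the original post: one way to restrict the classification to FTP is the iptables helper match, which selects connections whose master connection was tracked by a named conntrack helper, so connections expected by the IRC helper are not matched. The class id 1:20 and the function names are assumptions made for the illustration; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post.
CLASS_ID="1:20"   # constructed tc class id (assumption)

# Print each command; execute it too only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

ftp_rules() {
    # Since Linux 4.7 helpers are not attached automatically by default:
    # bind the ftp helper to control connections only, not globally.
    run iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
    # Control channel: matched by port.
    run iptables -t mangle -A FORWARD -p tcp --dport 21 -j CLASSIFY --set-class "$CLASS_ID"
    run iptables -t mangle -A FORWARD -p tcp --sport 21 -j CLASSIFY --set-class "$CLASS_ID"
    # Data channels (active and passive): matched by the helper of the
    # master connection, whatever ports they use.
    run iptables -t mangle -A FORWARD -p tcp -m helper --helper ftp -j CLASSIFY --set-class "$CLASS_ID"
}

# Read iptables-save output on stdin and print CLASSIFY rules that rely on
# RELATED state without naming a helper (they catch every helper's traffic).
audit_related() {
    grep -e '-j CLASSIFY' | grep -e 'RELATED' | grep -v -e '--helper' || true
}

# Constructed sample ruleset for the audit.
sample_ruleset() {
    cat <<'EOF'
*mangle
-A FORWARD -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j CLASSIFY --set-class 0001:0020
-A FORWARD -p tcp -m helper --helper ftp -j CLASSIFY --set-class 0001:0020
COMMIT
EOF
}

ftp_rules
sample_ruleset | audit_related
```

The class named in --set-class must exist on the qdisc of the outgoing interface for the classification to have any effect.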