On Thu, Mar 22, 2001 at 08:37:18AM +0200, Michael Wood wrote:
> e.g. filtering FTP traffic properly. With a stateless firewall,
> you either have to allow only active FTP sessions into your
> network from the outside if you have an internal FTP server for
> some reason, and passive FTP sessions from the inside to
> external FTP servers, or you have to allow anyone to connect to
> any high port on any of your internal machines. With a stateful
> packet filter that understands the FTP protocol, you can just
> tell it to allow FTP connections and not have to open up huge
> ranges of ports that actually have nothing at all to do with
> FTP, but could be used in transferring FTP data.

In a way, 2.2 already had something similar. Masq+Masq_ftp. You can even masq only ftp, and get the benefit. Though this is a workaround, it does help.

Mike
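
The stateful behaviour discussed in this thread, as an added example that is not part of the original messages: a toy Python tracker that reads the FTP control channel and permits only the data connections announced there, instead of opening every high port. The class and method names are hypothetical, the addresses are constructed, and it assumes no NAT between client and server and a policy that allows any new connection to port 21.

```python
import re

# PORT h1,h2,h3,h4,p1,p2  (client -> server, active mode, RFC 959)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  (server -> client)
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


class FtpTracker:
    """Toy stateful filter: a data connection is allowed only if the
    control channel announced it (hypothetical helper, not kernel code)."""

    def __init__(self):
        # (src_ip, dst_ip, dst_port) tuples of announced data connections
        self.expected = set()

    def control_line(self, client, server, from_client, line):
        """Inspect one line seen on an established port-21 control session."""
        m = (PORT_RE if from_client else PASV_RE).match(line)
        if not m:
            return
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Ignore announcements that name a third host or a privileged port.
        announcer = client if from_client else server
        if ip != announcer or port < 1024:
            return
        if from_client:      # active mode: server connects back to client
            self.expected.add((server, client, port))
        else:                # passive mode: client connects to server
            self.expected.add((client, server, port))

    def allow_new(self, src, dst, dport):
        """Verdict for a new TCP connection; each expectation is one-shot."""
        if dport == 21:      # assumed policy: FTP control is permitted
            return True
        key = (src, dst, dport)
        if key in self.expected:
            self.expected.discard(key)
            return True
        return False         # high port nobody announced: drop
```
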

