I think there is, but you have to have a proper state engine that
watches the control channel (port 21 traffic) and selectively opens
ports to certain IPs during the transfers. Of course I don't know if
ipfilter can do that, but if it can't, that would make a nice RFE :)
~tommy
Tommy McNeely
Electro Domestico - Unix Administrator
On Dec 15, 2004, at 10:00 AM, Amadeus Stevenson wrote:
Hello All,
I am using a "block all" firewall which then selectively allows
certain connections out and back in from a natted lan (i.e. http, smtp
etc.).
The problem arises with FTP.
I read up on Active and Passive transfers from:
http://slacksite.com/other/ftp.html
I had to block ports > 1024 because of various file sharing programs
which would use whatever ports they could to share files and suck up
the bandwidth of the internet connection.
This also blocked FTP working properly.
Reading the above information it would seem that there's no way to
block file sharing while letting FTP clients work properly, as both
rely on random port numbers > 1024.
Is my thinking correct? Can anyone think of a solution to this problem?
Many thanks
Amadeus
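To make the "state engine that watches the control channel" concrete, here is an added Python sketch (not from anyone in the thread, and not ipfilter's own code) of the FTP-helper logic such a firewall needs: it reads the port 21 dialogue, decodes PORT commands and 227 Passive replies, and emits one single-port pinhole per transfer instead of opening everything above 1024. The client/server addresses, the transcript and the `Pinhole` type are constructed for the example; NAT address rewriting is left out.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: an FTP-aware "state engine" that reads the control channel
# (port 21) and derives the single data-channel pinhole each transfer needs.

@dataclass(frozen=True)
class Pinhole:
    src_ip: str    # host that will initiate the data connection
    dst_ip: str
    dst_port: int  # the one port to open, for this transfer only
    mode: str      # "active" or "passive"

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT commands and 227 replies."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinholes_from_control(lines, client_ip: str, server_ip: str) -> List[Pinhole]:
    """Walk a control-channel transcript [(sender, line), ...] and return the
    pinholes to open: ephemeral ports (> 1023) only, and only towards the
    address that owns the session; anything naming another host is ignored."""
    holes: List[Pinhole] = []
    for sender, line in lines:
        if sender == "client" and line.upper().startswith("PORT "):
            hp = parse_hostport(line)   # active: server connects back to client
            if hp and hp[0] == client_ip and hp[1] > 1023:
                holes.append(Pinhole(server_ip, client_ip, hp[1], "active"))
        elif sender == "server" and line.startswith("227"):
            hp = parse_hostport(line)   # passive: client connects out to server
            if hp and hp[0] == server_ip and hp[1] > 1023:
                holes.append(Pinhole(client_ip, server_ip, hp[1], "passive"))
    return holes

# Constructed sample transcript (RFC 5737 documentation address for the server).
SAMPLE = [
    ("client", "PORT 192,168,1,10,19,137"),                        # 19*256+137 = 5001
    ("server", "200 PORT command successful."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,5,195,80)."),  # 195*256+80 = 50000
    ("client", "PORT 10,9,8,7,4,1"),                               # not the client's address: no hole
]
```

Running `pinholes_from_control(SAMPLE, "192.168.1.10", "203.0.113.5")` yields exactly two pinholes (5001 inbound to the client, 50000 outbound to the server); the third PORT line produces none because its address does not match the session's client.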