On Wed, Jul 26, 2000 at 10:55:36AM -0700, Sudhakar Chandra wrote:
> Because of a policy of security through obscurity, I don't know. All I
> know is that the firewall does not filter anything going out. It just does
> not allow incoming connections on privileged ports. That is one reason FTP
> from inside has to be passive.
>
Firewalls can filter stuff going out too. About FTP sessions, they don't _have_
to be passive. Use the ip_masq_ftp module to work around masq'ing the FTP protocol. As
for ipchains, for blocking stuff going out, make a rule specifying your
network as a source and a specific address and set the policy to DENY. Zillions
of combinations are possible, between input and output and forward rules...
Nikhil.
----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/