Hello,
did anyone setup helpful tricks in pf concerning passive ports for ftp?
Why I am asking has the following reason:
In general you have to open ports for incoming passive ftp requests on a
wide range, but that4s a point I don4t like as I want to make life as
hard as possible for intruders/hackers which may try "ah, let4s see
what4s all open on that machine".
So what I want to setup is pf and the ftp-daemon in that way that the
ftp-daemon offers only a very small range of passive ports (or perhaps
only one single passive port?) and that pf opens only the same small
range of ports (or the same single port).
As it would be the best to not reinvent the wheel I would like to know:
Did anyone such a setup and could share ideas?
Have a nice day
Michael
--
Michael Schmidt MIRRORS:
DJGPP ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript ftp://ftp.fh-koblenz.de/pub/Ghostscript/
