I'm configuring a notebook which will use PF to protect itself from the
environments in which I use it, and would like to have FTP 'just work'
on it -- whether it's from an explicit FTP command, from a browser, or
embedded in some other program or script.  Unfortunately there doesn't
seem to be any really good way to do this when a system is its own
firewall; the best tool I've found so far is 'ftpsesame', which
acknowledges a couple of significant problems (there's no guarantee that
the PF rule changes it makes will happen in time, and inspecting
packets 'on the fly' without a full TCP stack is error-prone).

I'd expect this to be a rather common desire; is there a good solution
that I've missed?  Suggestions are very welcome.

I do notice that 4.7 has a new divert-to-userland ability that looks
like it could be used to solve this problem properly, by intercepting
outbound and inbound control-connection packets on the egress interface.
If I read the documentation correctly, ftp-proxy has not (yet) been
updated to work this way; is anyone known to be planning to do this?

Thanks,

        Dave

-- 
Dave Anderson
<d...@daveanderson.com>
