Hi All,
I'm about to try out ftpsesame on our firewall. The system is set up
as a bridge and I only filter on $ext_if.
I intend running ftpsesame as:

    ftpsesame -i $ext_if

Excerpts from pf.conf:

    pass in quick on $int_if
    pass out quick on $int_if
    block in log on $ext_if all
    block return out log on $ext_if all
    # ftp rules
    anchor ftpsesame out on $ext_if
    pass in quick on $ext_if proto tcp from any to (<ftpc_in> port=21 flags S/SA modulate state
    anchor ftpsesame in on $ext_if proto tcp from any to <ftpc_in>

I want ftpsesame to handle all outbound and inbound ftp traffic.
Outbound we have other rules which control whether particular addresses
have internet access or not.
Inbound we have a table <ftpc_in> which lists all addresses on campus
that have inbound access on port 21.
Will this do what I want?
--
Russell Fulton                  /~\  The ASCII
Network Security Officer        \ /  Ribbon Campaign
The University of Auckland       X   Against HTML
New Zealand                     / \  Email!