On Mon, Mar 31, 2008 at 08:07:35AM -0700, Tom Eastep wrote:
> Brad Bendily wrote:
>>> > Or just write out the line in full in your rules file. I've never been
>>> > very impressed with one-line macros, they don't really accomplish
>>> > anything that /etc/services doesn't already do.
>>>
>>> I never use them either. But I see a lot of this sort of thing from people
>>> who use /etc/services without having any other clues:
>>>
>>> ACCEPT net fw tcp 21
>>> ACCEPT net fw udp 21
>>>
>>> Of course these same users are also likely to include:
>>>
>>> ACCEPT net fw tcp 20
>>> ACCEPT net fw udp 20
>>>
>>> Ignorance of how things work is rampant...
>>
>> Trying to avoid ignorance here, are you saying that the above rules are bad?
>
> Three of them are. FTP uses TCP exclusively, so the two UDP rules are
> senseless. And FTP uses port 20 as the SOURCE port for new active-mode
> connections, so listing it in the DEST PORT(S) column is also silly.
UDP 21 is actually the common port for the obsolete (and resoundingly stupid) FSP. Not that anybody should be using it.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
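To make the point in the quoted reply concrete, here is an added example (not from this thread and not Shorewall's own code) that checks the four quoted rule lines against the three connections an FTP server on the firewall actually sees: the inbound control connection to tcp/21, the active-mode data connection the server itself opens from port 20 towards the client, and the passive-mode data connection to a server-chosen ephemeral port. The rule parser only understands the five-column "ACCEPT net fw tcp 21" form used in the quote, not the full Shorewall rules syntax, and the zone names, ephemeral ports and flow tuples are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One simplified rules-file line: ACTION SOURCE DEST PROTO DEST_PORT."""
    action: str
    source: str
    dest: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Flow:
    """The first packet of a new connection, described in zone terms."""
    name: str
    source: str
    dest: str
    proto: str
    sport: int
    dport: int


def parse_rules(text: str) -> list:
    """Parse single-port rules of the form 'ACCEPT net fw tcp 21'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        action, src, dst, proto, dport = line.split()
        rules.append(Rule(action.upper(), src, dst, proto.lower(), int(dport)))
    return rules


def rule_text(rule: Rule) -> str:
    return f"{rule.action} {rule.source} {rule.dest} {rule.proto} {rule.dport}"


def matches(rule: Rule, flow: Flow) -> bool:
    """A rule keys on zones, protocol and DEST port; the source port plays no part."""
    return (rule.source == flow.source and rule.dest == flow.dest
            and rule.proto == flow.proto and rule.dport == flow.dport)


# Assumed flows for an FTP server on the firewall ('fw') with the client in
# 'net'.  The 49152+ and 50001 ports are made-up ephemeral ports.
FTP_FLOWS = [
    Flow("control: client -> fw:21", "net", "fw", "tcp", 49152, 21),
    # Active mode: the SERVER opens the data connection from its port 20.
    # It leaves the firewall (fw -> net), so no 'net fw' rule can ever see it.
    Flow("active data: fw:20 -> client", "fw", "net", "tcp", 20, 49153),
    # Passive mode: the client connects to a server-chosen ephemeral port.
    # That is admitted by the conntrack FTP helper as RELATED, not by a port rule.
    Flow("passive data: client -> fw:ephemeral", "net", "fw", "tcp", 49154, 50001),
]


def audit(rules, flows=FTP_FLOWS):
    """Map each rule to the FTP flows it would match; a dead rule maps to []."""
    return {rule_text(r): [f.name for f in flows if matches(r, f)] for r in rules}


def lint(rules):
    """Flag the two mistakes from the thread: UDP for FTP, and port 20 as DEST PORT."""
    problems = []
    for r in rules:
        if r.proto == "udp" and r.dport in (20, 21):
            problems.append((rule_text(r), "FTP is TCP-only (udp/21 belongs to FSP, not FTP)"))
        elif r.proto == "tcp" and r.dport == 20:
            problems.append((rule_text(r), "port 20 is the SOURCE port of active-mode data "
                                           "connections, never the DEST port of a new inbound one"))
    return problems


# The four rules quoted in the thread, as constructed sample input.
QUOTED_RULES = """
ACCEPT net fw tcp 21
ACCEPT net fw udp 21
ACCEPT net fw tcp 20
ACCEPT net fw udp 20
"""

if __name__ == "__main__":
    rules = parse_rules(QUOTED_RULES)
    for text, hits in audit(rules).items():
        print(f"{text:24} matches: {hits or 'nothing'}")
    for text, why in lint(rules):
        print(f"BAD {text}: {why}")
```

Running it shows that only `ACCEPT net fw tcp 21` matches anything (the control connection); the other three rules match none of the FTP flows, and `lint` names the reason for each. The active-mode data connection never appears on the net->fw side at all, and the passive one lands on an ephemeral port no static DEST PORT(S) rule can predict, which is exactly why Shorewall leans on the conntrack FTP helper rather than on extra port rules.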
