Ahh, yes, I didn't even think about the udp part. Of course I don't have udp rules for my ftp rules.
On Mon, Mar 31, 2008 at 10:17 AM, Andrew Suffield <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 31, 2008 at 08:07:35AM -0700, Tom Eastep wrote:
> > Brad Bendily wrote:
> >>> > Or just write out the line in full in your rules file. I've never been
> >>> > very impressed with one-line macros, they don't really accomplish
> >>> > anything that /etc/services doesn't already do.
> >>>
> >>> I never use them either. But I see a lot of this sort of thing from people
> >>> who use /etc/services without having any other clues:
> >>>
> >>> ACCEPT net fw tcp 21
> >>> ACCEPT net fw udp 21
> >>>
> >>> Of course these same users are also likely to include:
> >>>
> >>> ACCEPT net fw tcp 20
> >>> ACCEPT net fw udp 20
> >>>
> >>> Ignorance of how things work is rampant...
> >>
> >> trying to avoid ignorance here, are you saying that the above rules are bad?
> >
> > Three of them are. FTP uses TCP exclusively, so the two UDP rules are
> > senseless. And FTP uses port 20 as the SOURCE port for new active-mode
> > connections, so listing it in the DEST PORT(S) column is also silly.
>
> UDP 21 is actually the common port for the obsolete (and resoundingly
> stupid) FSP. Not that anybody should be using it.

--
Have Mercy & Say Yeah

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
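The reasoning in the thread, applied as a rules-file check. This is an added example, not part of the original messages or of Shorewall; the five-column layout (ACTION SOURCE DEST PROTO DEST PORT(S)), the function names and the sample input are assumptions made for the example.

```python
FTP_CONTROL, FTP_DATA = 21, 20

# Constructed sample input: the four rules quoted in the thread.
SAMPLE_RULES = """\
# ACTION SOURCE DEST PROTO DPORT
ACCEPT net fw tcp 21
ACCEPT net fw udp 21
ACCEPT net fw tcp 20
ACCEPT net fw udp 20
"""

def parse_ports(field):
    """Expand a port field such as '20,21' or '20:21' into a set of ints."""
    ports = set()
    for part in field.split(","):
        lo, sep, hi = part.partition(":")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            continue  # service names and open-ended ranges are skipped here
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def lint_ftp_rules(text):
    """Return (line number, message) for ACCEPT rules that misdescribe FTP."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        # Assumed layout: ACTION SOURCE DEST PROTO DEST_PORTS
        if len(cols) < 5 or cols[0].split(":")[0] != "ACCEPT":
            continue
        proto, ports = cols[3].lower(), parse_ports(cols[4])
        if proto == "udp" and ports & {FTP_CONTROL, FTP_DATA}:
            # FTP uses TCP exclusively, so this opens a UDP port for nothing.
            findings.append((lineno, "UDP rule on an FTP port: FTP is TCP-only"))
        elif proto == "tcp" and FTP_DATA in ports:
            # Port 20 is the server's SOURCE port for active-mode data.
            findings.append((lineno, "tcp 20 as destination: 20 is a source port"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_ftp_rules(SAMPLE_RULES):
        print(f"line {lineno}: {message}")
```

Run against the quoted rules, it reports three of the four, leaving only `ACCEPT net fw tcp 21`.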
