On 08/24/2018 04:28 PM, Samuel Sieb wrote:
Ok, that's great.  But I'm still curious about why you need connection tracking working.  Perhaps I was misled in thinking you were referring to your client system.  Is this actually something you're trying to do on a gateway server?

Hi Samuel,

Firewalld takes care of this stuff automatically.

For a custom iptables firewall to track an ftp client's high ports,
you have to implement my solution.

If not, you get:

Aug 22 16:12:09 rn6 kernel: dsl-out Everything Else IN= OUT=eno2 SRC=192.168.xxx.yyy DST=208.106.xxx.yyy LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25991 DF PROTO=TCP SPT=59698 DPT=21023 WINDOW=29200 RES=0x00 SYN URGP=0

which is ftp's high ports not being tracked.

-T
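
Added example, not part of the original post and not the poster's solution: a simplified Python model of why the SYN in the log line above is only accepted when an FTP conntrack helper has read the control channel. It parses a passive-mode 227 reply into an expected data endpoint and classifies a logged SYN against it. The 227 reply, host name and addresses are constructed sample data, and the expectation table keyed on destination and port is an assumption that simplifies what the kernel helper tracks.

```python
import re

# Constructed sample data (not from the original post): documentation
# addresses, same field layout as the kernel LOG line quoted above.
PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,82,31)"
DROPPED = ("Aug 22 16:12:09 gw kernel: dsl-out Everything Else IN= OUT=eno2 "
           "SRC=192.0.2.15 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
           "ID=25991 DF PROTO=TCP SPT=59698 DPT=21023 WINDOW=29200 RES=0x00 "
           "SYN URGP=0")

def parse_log(line):
    """Split a netfilter LOG line into KEY=value fields and bare flags."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    flags = set(re.findall(r"\b(SYN|ACK|FIN|RST|DF)\b", line))
    return fields, flags

def pasv_endpoint(reply):
    """Return (ip, port) from a 227 reply; port = p1*256 + p2 (RFC 959)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def classify(line, expectations):
    """State a stateful rule set would see for the logged packet."""
    fields, flags = parse_log(line)
    if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return "NOT_A_NEW_TCP_CONNECTION"
    key = (fields["DST"], int(fields["DPT"]))
    # A helper-created expectation turns the data connection into RELATED;
    # without it the SYN is just NEW and falls through to the log/drop rule.
    return "RELATED" if key in expectations else "NEW"

def demo():
    """Classify the same SYN without and with the expectation in place."""
    without_helper = classify(DROPPED, set())
    with_helper = classify(DROPPED, {pasv_endpoint(PASV_REPLY)})
    return without_helper, with_helper

if __name__ == "__main__":
    print(demo())
```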
