IPTABLES rules for active FTP
Noah
admin2 at enabled.com
Tue May 19 23:26:23 UTC 2009
thanks
Steve Flynn wrote:
> On Tue, May 19, 2009 at 6:22 PM, Noah <admin2 at enabled.com> wrote:
>> Hi there,
>>
>> What are the best iptables rules for active FTP connections?
>
> Google should give you something along the lines of
>
> /sbin/modprobe ip_conntrack_ftp
>
> iptables -A INPUT -p TCP -i eth0 --dport 21 -m state --state NEW -j ACCEPT
>
> iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A OUTPUT -p ALL -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Note - completely untested. I never have had a need to run anything
> other than Passive.
>
More information about the ubuntu-users
mailing list