On 11/09/2004 Mike Mestnik wrote:
> /etc/service? This file lists the service names, I bet firehol will
> accept both names and numbers.

you bet wrong... firehol accepts only internal configured services to be
opened/closed.

> > sorry, i didn't get what you want to explain. you're talking about
> > ip_conntrack_ftp sources, or about firehol sources?
>
> Kernel sources ip_conntrack_ftp. You should also need to specify the
> ports param to ip_nat_ftp, if you're doing NAT.

i guess i don't do NAT, as this is no gateway but rather a standalone
server.

> [... ip_conntrack_ftp sources ...]
> That's it That's all. This will need to be expanded to include searches
> for all four of these in the SERVER direction, with the DIR_REPLY and
> DIR_ORIGINAL swapped. After that the code to support, do something useful
> with, these new searches will need to be added.

i still didn't get the point. you claim, that the module doesn't understand
the -ports option? or do you mean that ip_conntrack_ftp has problems with
handling more than one IP address, as i have 2?

> I really don't think this to be the case, as services are only open ports.
> Are you talking about client VS server, meaning that service-related ==
> client and port-related == server?

sorry for confusion, in firehol services have some configuration, and thus
you can only open/close configured services. simply using portranges doesn't
work.

bye
jonas

