On Wed, Feb 19, 2003 at 04:39:57AM -0800, Paul Johnson wrote:
> On Wed, Feb 19, 2003 at 03:02:33PM +1300, Richard Hector wrote:
> > Should that (ip_conntrack_ftp) work for a non-NAT filter as well?
> >
> > Or is there some other trick for that?
>
> I don't imagine it would, but then again, I've never tried it so I
> don't know firsthand. Care to try it and post the results?

I tried it briefly - that is, I used modconf to install ip_conntrack_ftp. It didn't work (still logged dropped packets when I tried to ls).

Then I read something that suggested to me that maybe this module just updates a table, and I need extra iptables rules to allow related traffic.

The combination of the hassle of reading about and doing this, and the other article I read on 2.4/ftp vulnerabilities, and the fact that I actually don't use ftp very much, made me decide it wasn't worthwhile going further (at the moment, anyway).

Richard
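
Added example, not part of the original thread: loading ip_conntrack_ftp only makes connection tracking register the expected FTP data connection, and a filter rule still has to accept state RELATED before that connection gets through. The default-DROP policies, the rule layout and the function name ftp_filter_rules are assumptions; name resolution and other services are left out.

```shell
#!/bin/sh
# Added example: host filter for an FTP client, no NAT, 2.4-era syntax.
# Assumptions: default-DROP policies, FTP control on tcp/21, and the
# hypothetical function name ftp_filter_rules.

# Print a ruleset in iptables-restore format.
#   $1 = with-related : accept connections the FTP helper has announced
#   $1 = anything else: ESTABLISHED only (helper loaded, data still dropped)
ftp_filter_rules() {
    if [ "${1:-}" = "with-related" ]; then
        states="ESTABLISHED,RELATED"
    else
        states="ESTABLISHED"
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Control connection: the only NEW traffic allowed out.
-A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Passive mode: the client opens the data connection (outbound).
-A OUTPUT -m state --state $states -j ACCEPT
# Active mode: the server opens the data connection (inbound).
-A INPUT -m state --state $states -j ACCEPT
# Anything else is logged, then dropped by policy.
-A INPUT -j LOG --log-prefix "IN-drop: "
-A OUTPUT -j LOG --log-prefix "OUT-drop: "
COMMIT
EOF
}

# Apply only when asked to; requires root.
if [ "${1:-}" = "--apply" ]; then
    # The helper reads PORT and 227 replies on the control connection and
    # registers an expectation; matching data connections become RELATED.
    modprobe ip_conntrack_ftp
    ftp_filter_rules with-related | iptables-restore
fi
```

On current kernels the helper module is nf_conntrack_ftp, the match is `-m conntrack --ctstate`, and the helper has to be attached explicitly with a CT target rule in the raw table.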