Re[4]: [suse-security] SuSEfirewall2 and Active ftp

Hello Knut,

ok, but the data transfer from the ftp-server does originate from port
20. So why can't I just tell the firewall to accept packets from the
ftp-server which originate at port 20 and are targeted to my client?

After reading a bit through the SuSEfirewall2 script I found that such
a rule is indeed inserted:

from #SuSEfirewall2 status
assuming the client has and the ftp-server

    0     0 ACCEPT     tcp  --  *      *       state NEW,RELATED,ESTABLISHED tcp dpt:20
    0     0 ACCEPT     tcp  --  *      *       state RELATED,ESTABLISHED tcp spt:20 flags:!0x16/0x02

Now if I insert a similar rule just without the flags:... part:

    0     0 ACCEPT     tcp  --  *      *       state RELATED,ESTABLISHED tcp spt:20

Then it works. What is this flags... thing for?

Best regards,
 André                            mailto:Andre.Saenger@xxxxxx
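
The `flags:!0x16/0x02` column from the rule listing in the message above, decoded as an added example (not part of the original message or of SuSEfirewall2). It reads the column as iptables' mask/comp notation with a leading `!` for negation, which is how iptables lists `! --syn`; the sample segments are constructed.

```python
# TCP flag bits as laid out in the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

RULE = "flags:!0x16/0x02"  # copied from the listing in the message


def parse_flags_match(text):
    """Split 'flags:[!]MASK/COMP' into (invert, mask, comp)."""
    body = text.split(":", 1)[1]
    invert = body.startswith("!")
    mask, comp = (int(part, 16) for part in body.lstrip("!").split("/"))
    return invert, mask, comp


def names(bits):
    """Names of the flag bits set in `bits`."""
    return [name for name, bit in TCP_FLAGS.items() if bits & bit]


def matches(rule, packet_flags):
    """True if a segment with these flag bits satisfies the flags match."""
    invert, mask, comp = parse_flags_match(rule)
    # Only the bits in `mask` are examined; of those, exactly `comp` must be set.
    hit = (packet_flags & mask) == comp
    return hit != invert  # '!' negates the result


# Constructed sample segments (flag byte only).
SAMPLES = {
    "SYN (new connection request)": 0x02,
    "SYN+ACK": 0x12,
    "ACK": 0x10,
    "PSH+ACK (data)": 0x18,
    "FIN+ACK": 0x11,
    "RST": 0x04,
}


def evaluate(rule=RULE):
    """Map each sample label to whether the flags match lets it through."""
    return {label: matches(rule, flags) for label, flags in SAMPLES.items()}


if __name__ == "__main__":
    invert, mask, comp = parse_flags_match(RULE)
    print("examined:", names(mask), "must be set:", names(comp), "negated:", invert)
    for label, ok in evaluate().items():
        print(f"{label:30} {'matches' if ok else 'does not match'}")
```

Of the samples, only the bare SYN fails the match, so a rule carrying this column never accepts a segment that opens a new TCP connection.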

