[CentOS] Default CentOS(Redhat) iptables, Secure?

Kai Schaetzl maillists at conactive.com
Wed Nov 30 16:31:28 UTC 2005

Aleksandar Milivojevic wrote on Wed, 30 Nov 2005 09:16:34 -0600:

> For example, the correct way to 
> allow active FTP data connection, you would allow packet in only if it is sent 
> from port 20 (-p tcp --sport 20), *and* it is connection to high port 
> (preferrably in 49152-65534 range, although some broken FTP servers use entire 
> 1024-65534 range, but definettely high port) (--dport 49152:65534) *and* 
> related to existing FTP control channel (-m state --state RELATED) 
> *and* it was 
> marked as related by ftp helper module (-m helper --helper ftp).

Is that "helper" identical with the ip_conntrack_ftp module or is this something 


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

More information about the CentOS mailing list