request for help - [mha@suse.de: Re: ftpdata-2.2.12-patch]

Vladimir Ivaschenko (hazard.bsn@cyp.maks.net)
Tue, 21 Dec 1999 14:42:48 +0300


Good day,

I found Michael's ftp-data patch (http://www.suse.de/~mha) a few days ago,
and wanted to use it to disable incoming TCP connections on ports >1024
except FTP passive ones. However the patch is not suited for that purpose
(it is for active connections going through a firewall), but as Michael
wrote below it could be adapted.

Unfortunately I'm completely unfamiliar with the kernel source code and
don't have enough time to make the necessary changes - maybe someone is
willing to help? I'm sure that this feature would be quite useful for many
people who run FTP servers and want to secure them a bit.

I'll be trying to watch the list, but it would be kind of you if answers
(in case there are any) could also be CC'ed to my email.

P.S. I know that in wu-ftpd there is a feature to restrict the port range,
but I run a different ftp server.

----- Forwarded message from Michael Hasenstein <mha@suse.de> -----

> ports >1024, except PASSIVE ftp connections. Looking at the source I've
> got the idea that the patch doesn't do that - however, is it possible to
> adapt it for my situation?

It filters for PORT commands, PASV is not supported. It is for filtering
FTP-clients (behind your firewall), not for protecting your servers, as
you've already noticed. I have no plans to do more. Should be easy to
adapt it for your setup.

-- 
Michael Hasenstein
http://www.suse.de/~mha/
Private Pilot (ASEL) since 1998

----- End forwarded message -----

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
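
An added example (not part of the original messages and not the code of the ftp-data patch): C functions showing what a filter has to learn from the FTP control channel in the two cases discussed above, the client's PORT command and the server's 227 reply to PASV. The names `ftp_expect`, `ftp_dir`, `ftp_track` and `parse_hostport` are assumptions, as is the usual parenthesized form of the 227 reply.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Data-connection endpoint learned from the control channel (host order). */
struct ftp_expect { uint32_t addr; uint16_t port; };
enum ftp_dir { FTP_FROM_CLIENT, FTP_FROM_SERVER };

/* Strictly parse "h1,h2,h3,h4,p1,p2": 1-3 digits per field, value <= 255.
 * Returns a pointer just past p2, or NULL if the text is malformed. */
static const char *parse_hostport(const char *s, struct ftp_expect *e)
{
    unsigned v[6];
    for (int i = 0; i < 6; i++) {
        unsigned digits = 0;
        for (v[i] = 0; *s >= '0' && *s <= '9' && digits < 3; digits++)
            v[i] = v[i] * 10 + (unsigned)(*s++ - '0');
        if (!digits || v[i] > 255 || (i < 5 && *s++ != ','))
            return NULL;
    }
    e->addr = (v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    e->port = (uint16_t)((v[4] << 8) | v[5]);
    return s;
}

/* Inspect one complete control-channel line sent by `sender`. Constructed
 * samples: "PORT 198,51,100,7,4,1" (client) and "227 Entering Passive Mode
 * (192,0,2,10,195,80)" (server). Returns 0 and fills *out only when the
 * endpoint is the sender's own address and an unprivileged port. */
int ftp_track(enum ftp_dir dir, const char *line, uint32_t sender,
              struct ftp_expect *out)
{
    struct ftp_expect e = {0, 0};
    const char *end = NULL, *p;
    if (dir == FTP_FROM_SERVER) {                 /* reply to PASV */
        if (!strncmp(line, "227 ", 4) && (p = strchr(line, '(')))
            end = parse_hostport(p + 1, &e);
        if (end && *end != ')')
            end = NULL;
    } else {                                      /* PORT command */
        if (!strncasecmp(line, "PORT ", 5))
            end = parse_hostport(line + 5, &e);
        if (end && *end != '\r' && *end != '\n' && *end != '\0')
            end = NULL;
    }
    if (!end || e.addr != sender || e.port < 1024)
        return -1;                                /* open nothing */
    *out = e;
    return 0;
}
```

A filter built on this would permit a single inbound connection to the returned port from the peer of the same control connection and then drop the expectation. It would also have to reassemble control-channel lines that arrive split across TCP segments before calling `ftp_track`.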