[Shorewall-users] ftp works in a strange way.....or....

Paul Gear paulgear@bigfoot.com
Sat, 27 Apr 2002 08:06:21 +1000


Goetz Reinicke wrote:

> ...
> I added IP_FORWARDING="on" in the shorewall.conf and have the following
> rules for ftp:
>
> ACCEPT  fw      net             tcp     ftp
> ACCEPT  fw      local           tcp     ftp
>
> So can anynone explain to me, why my ftp clients are allowed to connenct
> to ftp-servers at the internet??

What is your loc -> net policy?  If it's accept, then they can get there
without needing any rules.

Paul
http://paulgear.webhop.net