Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables: block/allow ftp
Special Forums Cybersecurity iptables: block/allow ftp Post 17794 by sTorm on Wednesday 20th of March 2002 07:38:20 AM
Old 03-20-2002
For those who want to know, here is the iptables rule to block ftp connection requests from one side, and allow the request from the other:

# ftp control connection
iptables -A FORWARD -i eth1 -o eth0 -p TCP --sport 1024:65535 --dport ftp -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p TCP ! --syn --sport ftp --dport 1024:65535 -j ACCEPT

! --syn
Means, there's no connection request. Therefore, the packet can continue it's way through the firewall.

Just in case somebody wants to know.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables, ftp

I have allready opened a thread about this, but my question was really weird formed, so I'm writting it here again: I have a Network with 4 FTP Servers, then a firewall, and then a Network with clients. The clients should have access to the FTP Servers, but it should not be possible to connect... (2 Replies)
Discussion started by: sTorm
2 Replies

2. Shell Programming and Scripting

FTP inside a block of code

I need help on the code below. I am getting a compile error syntax error at line 283 : `<<' unmatched Looks like it doesn't like the << on the ftp line below. If I ran the code outside of this block everything work fine, but when I put in a block of code or in a function, I got syntax error. I... (1 Reply)
Discussion started by: leemjesse
1 Replies

3. Solaris

Want to block ftp for root user

Hi Friends, I would like to block the root user for doing ftp. As I am aware that I need to put the entry for root in /etc/ftpusers.....am I right...??? But I am not able to edit the file & even more command is not working. #ls -l ftp* total 14 -rw-r--r-- 1 root sys 1249 Jun... (3 Replies)
Discussion started by: jumadhiya
3 Replies

4. UNIX for Dummies Questions & Answers

How to block an anonymous ftp user?

Could anyone provide information on how to block a specific client machine from being able to log onto anonymous ftp? (10 Replies)
Discussion started by: dennisheazle
10 Replies

5. Shell Programming and Scripting

Block incoming traffic FTP from internet using iptables

Hi everybody. I have the next scenary: eth0: WAN eth1: DMZ eth2: LAN I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles. I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies

6. AIX

Block users ftp service

Hello everyone I create a file /etc/ftpusers to block users. I put the names of the users and I refresh the service inetd. My question is the user still log in by ftp.???? What I miss Thanks for your opinions. Greetings (2 Replies)
Discussion started by: lo-lp-kl
2 Replies

7. UNIX for Dummies Questions & Answers

iptables-ftp

I have set up a firewall on my centOS 5.6 box. I copied it from info I found online related to web servers. Everything seems to work fine but my ftp from my LAN. I am not able to ftp into the directories at all. I have the box set up as a test web server. Here is my iptable: I have opened ports... (7 Replies)
Discussion started by: ktb231
7 Replies

8. Red Hat

iptables ftp denies ls

Hi, Following is the output of iptables -S command -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j... (3 Replies)
Discussion started by: shahdharmit
3 Replies

9. IP Networking

vsftp | active and passive ftp | iptables

I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop. In active mode : 20,21 must be open from server site. 1023 and over must be open at client site. In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies

10. IP Networking

iptables problem with ftp

I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside. When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This... (2 Replies)
Discussion started by: bricoleur
2 Replies

LEARN ABOUT DEBIAN

arpspoof

ARPSPOOF(8)						      System Manager's Manual						       ARPSPOOF(8)

NAME

       arpspoof - intercept packets on a switched LAN

SYNOPSIS

       arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host

DESCRIPTION

       arpspoof  redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies.  This
       is an extremely effective way of sniffing traffic on a switch.

       Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.

OPTIONS

       -i interface
	      Specify the interface to use.

       -c own|host|both
	      Specify which hardware address t use when restoring the arp configuration; while cleaning up, packets  can  be  send  with  the  own
	      address  as  well  as  with  the	address  of the host. Sending packets with a fake hw address can disrupt connectivity with certain
	      switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans
	      up afterwards.

       -t target
	      Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.

       -r     Poison both hosts (host and target) to capture traffic in both directions.  (only valid in conjuntion with -t)

       host   Specify the host you wish to intercept packets for (usually the local gateway).

SEE ALSO

       dsniff(8), fragrouter(8)

AUTHOR

       Dug Song <dugsong@monkey.org>

																       ARPSPOOF(8)
All times are GMT -4. The time now is 01:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy