Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 Feb 2005 09:15:11 +0100
From:      Giulio Ferro <auryn@zirakzigil.org>
To:        freebsd-ipfw@freebsd.org
Subject:   ftp, cvsup, etc...
Message-ID:  <42105E0F.30204@zirakzigil.org>

next in thread | raw e-mail | index | archive | help
Hassn't anybody thought yet of a way to manage thoso protocols which
dynamically open more passive connections when the the first connection
is established, like ftp or cvsup.
Now you are forced to keep high ports open (let's say 20000-65535)  to
allow for dynamic connections, but I think that is a less than optimal 
solution.
I would be great if ipfw actually "understood" those protocols and open up
ports as need requires.

A linked question is: doesn't anybody else think that protocol inspection
would be a very desirable feature in ipfw? Maybe together with a virus
scan for client-side code (activex, plugin, applet, etc...)

Bye.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42105E0F.30204>