From: Giulio Ferro
Date: Mon, 14 Feb 2005 09:15:11 +0100
To: freebsd-ipfw@freebsd.org
Subject: ftp, cvsup, etc...
Message-ID: <42105E0F.30204@zirakzigil.org>

Hasn't anybody thought yet of a way to manage those protocols which
dynamically open more passive connections when the first connection
is established, like ftp or cvsup?

Now you are forced to keep high ports open (let's say 20000-65535) to
allow for dynamic connections, but I think that is a less than optimal
solution. It would be great if ipfw actually "understood" those protocols
and opened up ports as need requires.

A linked question is: doesn't anybody else think that protocol inspection
would be a very desirable feature in ipfw? Maybe together with a virus scan
for client-side code (activex, plugin, applet, etc...)

Bye.
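
The following is an added example, not part of the original message and not ipfw code: a sketch of what "understanding" FTP passive mode means for a firewall helper, namely reading the server's 227/229 reply on the control channel and deriving the single data endpoint to allow. The function name `data_pinhole`, the `min_port` policy and the sample lines are assumptions made for illustration; cvsup is not covered.

```python
import re

# 227 reply (RFC 959): six decimal fields h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (RFC 2428): (<d><d><d>port<d>); the address is the control peer
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_pinhole(reply, server_ip, min_port=1024):
    """Return the (ip, port) to allow for one data connection, or None.

    reply     -- one line sent by the server on the FTP control channel
    server_ip -- address of the server on that control connection
    """
    line = reply.strip()
    m = PASV_RE.match(line)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None
        ip = ".".join(str(f) for f in fields[:4])
        port = fields[4] * 256 + fields[5]
        # Refuse an endpoint on any host other than the control-channel
        # peer, so a reply cannot steer the opening toward a third machine.
        if ip != server_ip:
            return None
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None
        ip, port = server_ip, int(m.group(2))
    # Assumed policy: never open a pinhole to a privileged port.
    if not (min_port <= port <= 65535):
        return None
    return ip, port


# Constructed control-channel lines; the server is 192.0.2.10 throughout.
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50123|)",
    "227 Entering Passive Mode (10,0,0,5,195,80)",   # foreign address
    "227 Entering Passive Mode (192,0,2,10,0,22)",   # privileged port
    "230 Login successful.",                         # not a passive reply
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_pinhole(s, "192.0.2.10"))
```

A helper built on this would allow only the returned endpoint, from the client's address and for a short time, in place of the standing 20000-65535 range.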