[plug] IPTABLES FTP rules
Ryan King
ryank at globaldial.com
Thu Mar 2 13:53:28 WST 2006
luca at trifelli.id.au wrote:
> Hello plug readers,
>
> I am trying to manage FTP traffic going in and out of my LAN through my Linux
> firewall, and what exactly I need to achieve is to allow internal users (LAN)
> to download whatever they need from the Internet but prevent them from
> uploading data to any Internet FTP server.
>
> Let's say that the Linux firewall has 2 network cards:
> - internal interface is eth0 ip address 192.168.0.1/24
> - external (Internet) interface is eth1 ip address 111.111.111.111/24
>
> Can anyone post a sample rule, if it is possible to achieve this with
> IPTABLES? If not, any suggestions on possible alternatives will be highly
> appreciated.
>
> Many thanks
>
You want to block people uploading via ftp? But still download? That's
application level filtering. Only in the application layer of the
connection will you see which way the data is going (i.e. diff between a
'put' and a 'get').

You will need to look at an application level filter. Something like
squid should do the trick (or a simpler ftp-proxy?).
Ryan King
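
An added illustration, not part of the original message: the decision an application-level FTP filter makes on the control channel, where an upload and a download differ only in the command verb (STOR/STOU/APPE versus RETR in RFC 959). The function names and the sample session are hypothetical and constructed for this example; this is not code from squid or any ftp-proxy.

```python
# Control-channel policy sketch for an FTP proxy (illustrative only).
# To a packet filter, uploads and downloads look the same: a control
# connection to port 21 plus a negotiated data connection. The direction
# is only visible in the command verb, which is what this code inspects.

# RFC 959 verbs that send file data from the client to the server.
UPLOAD_VERBS = {"STOR", "STOU", "APPE"}


def parse_command(line: bytes):
    """Split one control-channel line into (VERB, argument)."""
    text = line.rstrip(b"\r\n").decode("latin-1")
    verb, _, arg = text.strip().partition(" ")
    return verb.upper(), arg  # FTP verbs are case-insensitive


def filter_command(line: bytes):
    """Return (allowed, reply); reply is sent to the client on denial."""
    verb, _ = parse_command(line)
    if verb in UPLOAD_VERBS:
        # 550 = requested action not taken; the command is never forwarded.
        return False, b"550 " + verb.encode("ascii") + b" denied by policy.\r\n"
    return True, None


def filter_session(lines):
    """Return the verbs that would be forwarded to the upstream server."""
    forwarded = []
    for line in lines:
        allowed, _ = filter_command(line)
        if allowed:
            forwarded.append(parse_command(line)[0])
    return forwarded


# Constructed sample session from a LAN client (not captured traffic).
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"PASS guest@example.invalid\r\n",
    b"PASV\r\n",
    b"RETR report.pdf\r\n",   # download: allowed
    b"PASV\r\n",
    b"stor outbound.zip\r\n",  # upload in lower case: still denied
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE_SESSION:
        ok, reply = filter_command(raw)
        print(("FORWARD" if ok else "DENY   "), raw.strip().decode(), reply or "")
```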