ftp, cvsup, etc...

Giulio Ferro auryn at zirakzigil.org
Mon Feb 14 00:15:24 PST 2005

Hassn't anybody thought yet of a way to manage thoso protocols which
dynamically open more passive connections when the the first connection
is established, like ftp or cvsup.
Now you are forced to keep high ports open (let's say 20000-65535)  to
allow for dynamic connections, but I think that is a less than optimal 
I would be great if ipfw actually "understood" those protocols and open up
ports as need requires.

A linked question is: doesn't anybody else think that protocol inspection
would be a very desirable feature in ipfw? Maybe together with a virus
scan for client-side code (activex, plugin, applet, etc...)


More information about the freebsd-ipfw mailing list