restrictive ipfw ruleset and ftp

Kirk Strauser kirk at
Tue Jun 17 07:08:49 PDT 2003

At 2003-06-17T12:13:46Z, Andrew Thomson <ajthomson at> writes:

> i have a list of ports that i let my users go out on: 80, 22, 143, 443 etc
> etc..

Out of curiosity, do you have control over the set of machines that your
users are connecting to?  I.e., are they uploading to your own FTP server at
a colo site?  If so, you might consider dropping FTP altogether in favor of
SFTP.  It's radically easier to firewall; you just open a single TCP port.
You also get decent authentication and end-to-end encryption.  Just a
Kirk Strauser
In Googlis non est, ergo non est.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list