restrictive ipfw ruleset and ftp

Bill Moran wmoran at
Tue Jun 17 06:08:10 PDT 2003

Andrew Thomson wrote:
> any suggestions would be great.
> i have a restrictive ipfw ruleset that works great.. it only allows
> incoming connections that i allow and outgoing connections allow. i have
> a list of ports that i let my users go out on: 80, 22, 143, 443 etc
> etc..
> All the stuff they might need to do.
> how can i handle passive ftp though?
> i can let 21 out, but when the remote ftp server says use this x high
> port.. i block that because it's not in my list. so what can i do to get
> around this..
> not totally familiar with it, but is this what fw_punch is for within
> nat??

That's what it's designed for.  I've never used it so I can't verify how
well it works.

Bill Moran
Potential Technologies

More information about the freebsd-questions mailing list