Remove a section about ipfilter FTP Proxy Bugs, which were resolved in
version 3.4.3 released in 2000, a little ago.

PR: docs/95263
Submitted by: Joe <fbsd_user at a1poweruser dot com>
parent 1e03e70407
commit babc93b92a
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=30399
1 changed files with 0 additions and 21 deletions
|
@ -2030,27 +2030,6 @@ pass out quick on rl0 proto tcp from any to any port > 1024 flags S keep stat
|
|||
# Active mode let data channel in from FTP server
|
||||
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</programlisting>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>FTP <acronym>NAT</acronym> Proxy Bug</title>
|
||||
|
||||
<para>As of IPFILTER version 3.4.31
|
||||
the FTP proxy works as documented during the FTP session
|
||||
until the session is told to close. When the close happens
|
||||
packets returning from the remote FTP server are blocked and
|
||||
logged coming in on port 21. The <acronym>NAT</acronym>
|
||||
FTP/proxy appears to remove its temp rules prematurely,
|
||||
before receiving the response from the remote FTP server
|
||||
acknowledging the close. A problem report was posted to the
|
||||
IPF mailing list.</para>
|
||||
|
||||
<para>The solution is to add a filter rule to get rid of these
|
||||
unwanted log messages or do nothing and ignore FTP inbound
|
||||
error messages in your log. Most people do not use outbound
|
||||
FTP too often.</para>
|
||||
|
||||
<programlisting>block in quick on rl0 proto tcp from any to any port = 21</programlisting>
|
||||
</sect3>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
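Review bot: The version in the removed paragraph does not match the commit log. The paragraph opens with "As of IPFILTER version 3.4.31", while the log says the bugs were resolved in 3.4.3, which as written would place the fix before the release the text reports the problem in. Please confirm which release actually carries the fix and correct the log (or note the typo in the PR) so the history does not mislead anyone checking whether their installed version is affected. The removal also drops the only mention of the `block in quick on rl0 proto tcp from any to any port = 21` workaround; since that rule existed only to suppress log noise from the proxy closing early, it would help to say in the log that rulesets copied from the old text can drop it once on a fixed version. Separately, and outside this change, the retained context rule for active mode matches destination port 20 (`from any to any port = 20`), whereas an active-mode data connection comes from the server's port 20; that is worth a follow-up PR rather than a change here.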