24th August 2008
J65nko

I tried once, but I haven't found a way to trick ftp-proxy into running on a single interface.

You could add the ftp rules to a pf anchor and disable them when you don't need ftp. Remember that the ports use ftp.

Another option could be to store the allowed ftp sites in a table and make the ftp rules only applicable to these sites. But if you add software by using the FBSD ports mechanism, this becomes very difficult.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
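Added example, not part of the post above and not the poster's own ruleset: a pf.conf layout that combines both suggestions, with the ftp rules in an anchor that can be flushed and restricted to a table of allowed servers. The anchor name `ftp`, the table name `ftp_sites`, the file paths, the default-deny outbound policy, passive-mode-only ftp and the host `ftp.example.org` are all assumptions made for illustration.

```conf
# --- /etc/pf.conf (excerpt; names and paths are assumptions) ---

# Allowed ftp servers, one address or network per line in the file.
# "persist" keeps the table in the kernel even when no rule refers to it.
table <ftp_sites> persist file "/etc/pf.ftp_sites"

# Assumed policy: outbound traffic is denied unless a later rule passes it.
block out log all
# ... the ruleset's other pass rules go here ...

# Attachment point for the ftp rules. While the anchor is empty it
# matches nothing, so ftp stays blocked by the rule above.
anchor ftp
load anchor ftp from "/etc/pf.anchor.ftp"

# --- /etc/pf.anchor.ftp ---

# Control connection, only to servers listed in the table.
# <ftp_sites> is not defined in this file; the example relies on the
# lookup resolving to the table defined in the main ruleset.
pass out quick inet proto tcp from any to <ftp_sites> port 21 \
    flags S/SA keep state

# Passive-mode data connection: client high port to server high port,
# again only to the listed servers. Active mode is not covered.
pass out quick inet proto tcp from any port > 1023 \
    to <ftp_sites> port > 1023 flags S/SA keep state

# --- run-time control with pfctl(8), as root ---
# Disable ftp by emptying the anchor:
#   pfctl -a ftp -F rules
# Enable it again:
#   pfctl -a ftp -f /etc/pf.anchor.ftp
# Confirm what is loaded in the anchor:
#   pfctl -a ftp -s rules
# Add a server to the allowed list and review the list
# (ftp.example.org is a constructed host name):
#   pfctl -t ftp_sites -T add ftp.example.org
#   pfctl -t ftp_sites -T show
```

Because the ports mechanism can fetch from many mirrors, the table has to list every ftp server a port may use, which is the difficulty the post mentions; `block out log all` makes the misses visible with tcpdump on the pflog0 interface.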