On 08/24/2018 04:28 PM, Samuel Sieb wrote:
> Ok, that's great. But I'm still curious about why you need connection
> tracking working. Perhaps I was misled in thinking you were referring
> to your client system. Is this actually something you're trying to do
> on a gateway server?
Hi Samuel,
Firewalld takes care of this stuff automatically.
For a custom iptables firewall to track an ftp client's high ports,
you have to implement my solution.
If not, you get:
Aug 22 16:12:09 rn6 kernel: dsl-out Everything Else IN= OUT=eno2
SRC=192.168.xxx.yyy DST=208.106.xxx.yyy LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=25991 DF PROTO=TCP SPT=59698 DPT=21023 WINDOW=29200 RES=0x00 SYN URGP=0
which is ftp's high ports not being tracked.
-T
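The "solution" -T refers to is not quoted in this thread. What follows is an added example, not the poster's ruleset, showing the standard way to make a hand-written iptables firewall track an FTP client's data connections so the outbound SYN in the log above is accepted as RELATED instead of falling through to the catch-all LOG/DROP rules. It assumes the FTP client runs on the firewall host itself (the log line has OUT=eno2 and an empty IN=, so the packet was locally generated), the interface name eno2 from that log line, the log prefix "dsl-out Everything Else" from the same line, and a kernel of 4.7 or later, where the nf_conntrack_helper sysctl defaults to 0 and a helper must be bound explicitly with the CT target in the raw table. The ruleset is emitted in iptables-restore format so it can be read and checked without touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules that let the FTP
# conntrack helper track a local FTP client's PASV/PORT data connections.

WAN_IF="${WAN_IF:-eno2}"   # assumed from OUT=eno2 in the posted log line

# Emit the ruleset in iptables-restore format. Lines starting with '#'
# are ignored by iptables-restore, so the comments can stay in.
ftp_client_ruleset() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bind the ftp helper to control connections we open to port 21. With
# nf_conntrack_helper=0 (kernel default since 4.7) simply loading
# nf_conntrack_ftp is not enough; without this rule the helper never sees
# the PORT/PASV exchange and the data connection is not marked RELATED.
-A OUTPUT -o ${WAN_IF} -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Data connections (PASV: client -> server high port in OUTPUT; active
# mode: server -> client high port in INPUT) match RELATED once the helper
# has parsed the control channel, so these two rules cover both modes.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow the control connection itself to be opened.
-A OUTPUT -o ${WAN_IF} -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Catch-all, modelled on the log prefix in the posted kernel line. An
# outbound SYN to a server high port lands here only if tracking failed.
-A OUTPUT -j LOG --log-prefix "dsl-out Everything Else "
-A OUTPUT -j DROP
COMMIT
EOF
}

# Load the helper module and install the ruleset. Needs root and a live
# netfilter; the emit function above can be exercised without either.
apply_ftp_client_ruleset() {
    modprobe nf_conntrack_ftp || return 1
    ftp_client_ruleset | iptables-restore
}

# Check that both halves of the fix are present: the helper binding in the
# raw table and the RELATED accept in the filter table.
ruleset_has_ftp_tracking() {
    ftp_client_ruleset | grep -q -- '-j CT --helper ftp' &&
    ftp_client_ruleset | grep -q -- '--ctstate RELATED,ESTABLISHED'
}
```

If the box were instead a gateway with the FTP client behind it (Samuel's question), the CT rule moves to the raw PREROUTING chain and the RELATED,ESTABLISHED accept goes in FORWARD; the helper logic is otherwise the same. Setting net.netfilter.nf_conntrack_helper=1 re-enables automatic helper assignment for every connection, but that is the behaviour the 4.7 change deliberately turned off, so binding the helper per port as above is the preferred form.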