When all you have is a hammer, everything looks like a nail:

> I understand the security implications. I agree that FTP should be
> handled in user space. I want a solution that can be used to firewall
> FTP servers. I was proposing that this should be done in userspace,
> and musing on what level of kernel support such a solution would
> require.

You have a solution. ftp-proxy + reverse diff. (If you don't see the need for the reverse diff, you're obviously not thinking of both active and passive connections). Firewalling is achievable. As far as I can tell, your complaint is logging, which can surely be handled by the ftp-proxy. It can do all sorts of logging. Feed them back to your loghost via a rotate script, or syslog. But at this point, I no longer see what problem you're trying to solve.

-kj