On Wed, Dec 06, 2017 at 04:15:58AM +0100, Benny Pedersen via Shorewall-users 
wrote:
> is ssl tls using non default port 21 ?
> 
> conntracker only know default port 21, but if ssl tls using other ports it
> could be added to conntracker imho so it works the kernel way

If ftp runs the control data over ssl, there is no way the connection
tracker can inspect the protocol and help in any way.  So ftp over ssl
clearly can't work the same as ftp as far as opening ports in a firewall
is concerned using connection tracking.

For ftps you would have to use a fixed set of always forwarded ports
for the data channel instead of connection tracking.

-- 
Len Sorensen

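The fixed-port-range approach described above, written out as an added example that is not from this thread; the zone names, the server address 192.0.2.10, the public address 203.0.113.5 and the 50000:50100 range are assumptions, and vsftpd is assumed as the FTPS server:

```text
# /etc/shorewall/rules  (example fragment; zones "net"/"loc" and addresses assumed)
#ACTION    SOURCE   DEST               PROTO   DEST PORT(S)
# Control channel: the TLS session itself still goes to port 21.
DNAT       net      loc:192.0.2.10     tcp     21
# Data channel: the ftp conntrack helper cannot read the encrypted
# PASV reply, so forward a fixed passive range instead of relying on it.
DNAT       net      loc:192.0.2.10     tcp     50000:50100

# /etc/vsftpd.conf  (matching server side; range must equal the rule above)
ssl_enable=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
# Public address to advertise in PASV replies when the server is behind NAT
pasv_address=203.0.113.5
```

Run "shorewall check" after editing to validate the rules file syntax before restarting.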