Subject: Re: ipfilter changes in 1.4.2
To: Manuel Bouyer <email@example.com>
From: Darren Reed <firstname.lastname@example.org>
Date: 04/25/2000 00:42:08
In some email I received from Manuel Bouyer, sie wrote:
> On Tue, Apr 25, 2000 at 03:52:42PM +1000, Darren Reed wrote:
> > In some email I received from Manuel Bouyer, sie wrote:
> > >
> > > In fact the previous behavior was a bug :)
> > > The new behavior cause problems only if you use ftp or rsh proxy (that is,
> > > protocols that need incoming TCP connections to dynamic ports).
> > > But the rigth thing to do here would be to have to ftp or rsh proxy
> > > dynamically update the filters when required. Darren, are you listening ? :)
> > hmm ? They should be setting up keep state things to let through the
> > other connection automatically, if you use them.
> I don't use keep-state. Can I use keep-state only for ftp proxy ?
If you're using the ipfilter proxy for ftp/rcmd, then it will
automatically add the correct state information.