hello,

How do I create IP rules for outgoing ftp connection on my linux which was SuSe 8.2.

I have a list of 100+ host/ftp server where this linux box is allowed to ftp to and I want to block other ftp server so that my linux cannot connect to any other ftp server which is not in the allowed host. Is it possible to do that?

i have a friend told me that you can do that using 'iptables' but i'm not sure how to do it.
any help highly appreciated.

i already tried searching on this forum for this topic before but cannot find it. i'm sorry if i create duplicate post about this topic. please give me the link of the similar post and delete this post if that so.

thx!

Hi Khairil,

Welcome to Linux Questions.org.

You may have a look at following links to do that.

http://iptables-tutorial.frozentux.n...-tutorial.html

&

http://easyfwgen.morizot.net/gen/



Aniruddha

Hi again,


This would be the last rule in your ftp chain:-


iptables -I OUTPUT -p tcp --destination-port 21 -j DROP


And this rule should be applied for all hosts you want to allow:-


iptables -I OUTPUT -p tcp -d allowed-host.com --destination-port 21 -j ACCEPT





To dynamically enter it, Create a root readable list containing those hostnames and add following in your iptables script:-

Hope, This helps you out,


Aniruddha

thx a lot imagenners7! that should give me some basic idea what iptables is all about.

but what if the remote ftp server uses a non standard port like 2121 or 22? is there any other way iptables can tell the outgoing connection is FTP connection beside by looking at port number?

thank a lot!

Hi Khairil,


Yes, there is such module which does just that and it is contrack - ftp.

Please, go through the links that I provided above to know more,




Aniruddha

conntrack ftp? that wud be very interesting.. thx