Hi I notice that Shorewall support FTP connection tracking I have recently install ipconntrack for sip and was wondering if Shorewall supported this? And would it be similar to how the ftp is used? Kind Regards William ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Mon, 2006-07-17 at 16:42 +0000, William Bohannan wrote:> Hi I notice that Shorewall support FTP connection trackingShorewall has nothing to do with FTP connection tracking support other than to load the appropriate modules. There is no code in Shorewall that "supports" FTP connection tracking.> I have recently install ipconntrack for sip and was wondering if > Shorewall supported this?Again, Shorewall contains no code that supports application-specific connection tracking.> And would it be similar to how the ftp is used?With Shorewall, you define how you want primary connections to be handled; all secondary connections (as determined by Netfilter and it''s connection tracking extensions) are permitted if the primary connection is permitted. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> ... >> I have recently install ipconntrack for sip and was wondering if >> Shorewall supported this? > > Again, Shorewall contains no code that supports application-specific > connection tracking.The rules i''m using for SIP at present are: outgoing UDP 5060, and incoming UDP 6000,7070-7079. Your VoIP provider might require something slightly different, but i''ve found the default UDP connection tracking to work fine once these ports are opened. Paul ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Thanks Paul -----Original Message----- From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Paul Gear Sent: 17 July 2006 23:26 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] sip connection tracking in shorewall Tom Eastep wrote:> ... >> I have recently install ipconntrack for sip and was wondering if >> Shorewall supported this? > > Again, Shorewall contains no code that supports application-specific > connection tracking.The rules i''m using for SIP at present are: outgoing UDP 5060, and incoming UDP 6000,7070-7079. Your VoIP provider might require something slightly different, but i''ve found the default UDP connection tracking to work fine once these ports are opened. Paul ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV