On Mon, Oct 27, 2008 at 10:45:38PM +0200, Axel Thimm wrote:
But dynamical ports are not new to iptables, [...] even p-o-d passive ftp need them [...]
Actually I meant active ftp. While passive ftp also negotiates dynamical ports the non-trivial firewall setup is when the server tries to connect to a seemingless random port within the secured IP range.