Environment: CentOS 4
ProFTPD
vi proftpd.conf
PassivePorts min-pasv-port max-pasv-port
min-pasv-port must be >= 1024.
iptables
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 21,22 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 60000:65000 --syn -j ACCEPT
[root@sing2 ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ssh,mysql
ACCEPT tcp -- anywhere anywhere tcp dpts:60000:65000 flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[ Last edited by cifan on 2007-12-11 20:16 ]
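The passive range in proftpd.conf and the --dport range in the firewall have to agree, otherwise passive transfers hang while the control connection on port 21 still works. The script below is an added example, not part of the original post: it reads PassivePorts from a config on stdin, enforces the >= 1024 rule, and prints the matching iptables rule or checks an existing range. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep proftpd's PassivePorts and the iptables range in sync.
# Function names are hypothetical; nothing here changes the firewall.

# Constructed sample config (range chosen to match the rule in the post).
SAMPLE_CONF='ServerName "example"
# PassivePorts 1 2
PassivePorts 60000 65000'

# Print "MIN MAX" from the first PassivePorts directive on stdin.
pasv_range() {
    awk '$1 == "PassivePorts" && NF >= 3 { print $2, $3; exit }'
}

# Succeed only for a decimal number no larger than 65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Print the iptables rule for the configured range; fail if it is unusable.
pasv_rule() {
    range=$(pasv_range)
    min=${range% *}; max=${range#* }
    if ! is_port "$min" || ! is_port "$max" ||
       [ "$min" -lt 1024 ] || [ "$min" -gt "$max" ]; then
        echo "PassivePorts missing or invalid (need 1024 <= min <= max <= 65535)" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp -m tcp --dport $min:$max --syn -j ACCEPT"
}

# Succeed if the firewall range LO:HI covers the configured passive range.
# usage: fw_covers LO:HI < proftpd.conf
fw_covers() {
    range=$(pasv_range)
    min=${range% *}; max=${range#* }
    lo=${1%:*}; hi=${1#*:}
    is_port "$min" && is_port "$max" && is_port "$lo" && is_port "$hi" &&
        [ "$lo" -le "$min" ] && [ "$hi" -ge "$max" ]
}

# Demo on the constructed sample; for a real file: pasv_rule < proftpd.conf
printf '%s\n' "$SAMPLE_CONF" | pasv_rule
```
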