[Ferm] Help with helpers
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Fri Nov 18 18:30:20 CET 2011
Dear folks,
I am trying to enable TFTP traffic on a server.
I searched Google for hours without easy success.
Meanwhile several questions arose.
1. I found that the ip_conntrack_tftp kernel module must be loaded.
Should I load it manually, or can ferm do it somehow?
2. This config finally works:
domain ip {
    table filter {
        chain INPUT {
            policy DROP;
            interface lo ACCEPT;
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;
            saddr ($LOCALNET) proto udp dport tftp {
                NOP mod helper helper tftp;
                ACCEPT;
            }
        } # Chain INPUT
    }
}
However I don't understand what happens. :-)
NOP can be replaced with ACCEPT.
The second ACCEPT cannot be omitted.
Why isn't a simple "ACCEPT mod helper helper tftp" enough?
Gabor