[Ferm] Help with helpers
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Sat Nov 19 14:19:07 CET 2011
Hi, Max. Thanks for your reply.
> > 1. I found that ip_conntrack_tftp kernel module must be loaded.
> > Should I load it manually, or can ferm do it somehow?
>
> ferm will not attempt to load kernel modules. You may check if the
> kernel auto-loads modules when you refer to a netfilter module, or you
> may use ferm hooks.
That's clear. Thank you.
> > 2. This config finally works:
> [...]
> > Why isn't a simple "ACCEPT mod helper helper tftp" enough?
>
> I don't know, but I don't know what happened and how it failed when
> you tried that.
That means no TFTP file transfer happens.
Then I inserted a last-resort rule below that allowed all
UDP traffic for the TFTP client host and logged it with an
'Ooops! Unexpected packet' remark.
So without the bare ACCEPT action I could see these warnings
in the firewall log.
Regards
Gabor