HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3

NOTE: FTP Proxy is not supported by HP. For a complete list of unsupported utilities and
commands, see Section A.4 (page 97).
12.4.2 Passive FTP
FTP client                 Direction of connection initiated   FTP server
any port 1024 or higher    <----------------                   port 21 (control port)
any port 1024 or higher    <----------------                   any port 1024 or higher (data port)
To let an FTP client open a passive FTP session, configure IPFilter to allow both the control and
data connections out.
Use the following ruleset for client-side, passive FTP:
pass out quick proto tcp from client_ip port > 1023 to any port = 21 flags S keep state
pass out quick proto tcp from client_ip port > 1023 to any port > 1023 flags S keep state
block in from any to any
block out from any to any
TIP: For stronger security, configure IPFilter to allow only active FTP connections from FTP servers.
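
The following Python sketch is an added example, not part of the HP guide or of IPFilter: it models rule evaluation ("quick" stops at the first match, otherwise the last match wins) and "keep state" for the ruleset above, with constructed addresses standing in for client_ip and the server. It shows that a server-initiated (active) data connection is blocked, and that the second rule passes any outbound connection between high ports, not only FTP data.

```python
# Added example: toy model of how IPFilter evaluates the client-side passive FTP ruleset.
# Assumptions: TCP only, "flags S" means a bare SYN, state entries never expire.
CLIENT = "192.0.2.10"    # constructed stand-in for client_ip
SERVER = "198.51.100.5"  # constructed FTP server address
high = lambda port: port > 1023
# (action, direction, quick, source IP, source-port test, dest-port test, "flags S keep state")
RULES = [
    ("pass", "out", True, CLIENT, high, lambda p: p == 21, True),
    ("pass", "out", True, CLIENT, high, high, True),
    ("block", "in", False, None, None, None, False),
    ("block", "out", False, None, None, None, False),
]

class Filter:
    def __init__(self):
        self.state = set()  # flows created by "keep state"

    def check(self, direction, src, sport, dst, dport, flags):
        flow = frozenset([(src, sport), (dst, dport)])
        if flow in self.state:  # the state table is consulted before the rules
            return "pass"
        matched = None
        for rule in RULES:
            action, rdir, quick, rsrc, sp, dp, stateful = rule
            if rdir != direction or (rsrc and rsrc != src):
                continue
            if (sp and not sp(sport)) or (dp and not dp(dport)) or (stateful and flags != "S"):
                continue
            matched = rule  # the last matching rule wins ...
            if quick:       # ... unless the rule is marked "quick"
                break
        if matched is None:
            return "pass"   # assumed default when no rule matches
        if matched[6]:
            self.state.add(flow)  # replies on this flow now pass in either direction
        return matched[0]

def demo():
    fw = Filter()
    return {
        "control SYN out": fw.check("out", CLIENT, 40000, SERVER, 21, "S"),
        "control SYN-ACK in": fw.check("in", SERVER, 21, CLIENT, 40000, "SA"),
        "passive data SYN out": fw.check("out", CLIENT, 40001, SERVER, 50000, "S"),
        "passive data SYN-ACK in": fw.check("in", SERVER, 50000, CLIENT, 40001, "SA"),
        "active data SYN in": fw.check("in", SERVER, 20, CLIENT, 40002, "S"),
        "non-FTP high-port SYN out": fw.check("out", CLIENT, 40003, SERVER, 8080, "S"),
        "web SYN out": fw.check("out", CLIENT, 40004, SERVER, 80, "S"),
    }
```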
80 HP-UX IPFilter and FTP