Projects > ftpsesame
ftpsesame
ftpsesame helps the FTP protocol get through your pf firewall. It does this by passively analysing FTP control connections and adding rules into a pf anchor when an FTP data connection is about to commence.
You might want to try ftpsesame instead of ftp-proxy(8) from the OpenBSD base system for the following reasons:
Read the manpage for details.
Download ftpsesame-0.91 for OpenBSD 3.4 and 3.5.
Download ftpsesame-0.95 for OpenBSD 3.6.
ftpsesame helps the FTP protocol get through your pf firewall. It does this by passively analysing FTP control connections and adding rules into a pf anchor when an FTP data connection is about to commence.
You might want to try ftpsesame instead of ftp-proxy(8) from the OpenBSD base system for the following reasons:
- it runs on "transparent" (no IP address) bridges
- you need packetfilter performance on all data connections
- you have to handle lots of simultaneous sessions
- you do not want to redirect any traffic to the firewall itself: for IP accounting or other reasons
Read the manpage for details.
Download ftpsesame-0.91 for OpenBSD 3.4 and 3.5.
Download ftpsesame-0.95 for OpenBSD 3.6.
Changelog 2004-10-08 camield * version 0.95 - update for improved anchors on OpenBSD 3.6 * version 0.91 - remove layer-2 MAC checking - tweaked some log priorities - this will be the last version for OpenBSD 3.4 / 3.5 2004-04-02 * version 0.9 - tzset before chroot() - add layer-2 MAC checking for anti-spoofing purposes - add workaround for Microsoft FTP server - more linktypes 2004-01-09 * version 0.8 - check that pf is enabled - use BIOCIMMEDIATE on bpf descriptor - stricter matching of server replies - more notes in manpage SECURITY section 2004-01-07 * version 0.7 - first release on pf@benzedrine mailinglist